Develop and direct a best-in-class, enterprise-wide GRC program, ensuring it directly supports the company's growth, customer commitments, and security posture.
Lead, mentor, and manage a team of 8 GRC Analysts, fostering a high-performance, growth-oriented culture centered on continuous improvement and skill development.
Direct the Compliance Engineering function to maximize efficiency through tooling, automation, and system integrations (e.g., GRC platforms, workflow engines, identity systems).
Identify and execute optimization opportunities to significantly reduce audit time, effort, and cost by leveraging technology to automate evidence collection and control monitoring.
Oversee and direct the organization’s risk management strategy, proactively securing sensitive data and information systems against evolving threats.
Serve as the security subject matter expert for internal stakeholders, supporting customer inquiries, RFI/RFP responses, and contract reviews.
Collaborate strategically with IT, Product Security, Engineering and Legal/Privacy to embed controls early and ensure security is a competitive differentiator.
Define and manage all external and internal audit engagements, ensuring organizational readiness and successful, timely outcomes across all regulatory mandates.
Direct the TPRM program, overseeing vendor, supply chain, and fourth-party risk assessments and due diligence efforts.
Drive policy creation, expansion, and adoption, establishing clear, actionable standards and controls across the organization.
Requirements
8+ years of progressive experience in Information Security and Technology, with a dedicated focus on Governance, Risk, and Compliance in a high-growth or complex regulatory environment.
Proven, hands-on experience integrating GRC tooling (e.g., ServiceNow GRC) with underlying security systems (e.g., Jira, Identity Providers) to automate controls and reduce manual GRC effort.
Proven track record in building, leading, and maturing enterprise-level Security and Compliance programs.
Regulatory Expertise: Expert knowledge and successful audit completion across key frameworks, including: Core: SOC 2, ISO 27001/27002, PCI DSS, FedRAMP; Preferred: GovRAMP, TX-RAMP, DISP, IRAP, TISAX, ENS, Cyber Essentials Plus.
Exceptional communication, presentation, and stakeholder/customer management skills.
Must be adept at translating complex security and compliance concepts into clear business risks and opportunities for executive leadership and external clients.
Strong business acumen with experience aligning security initiatives with tangible business requirements, demonstrating the ability to contribute to security-based revenue enablement.
CISSP, CISM, or CISA certification.
Benefits
Generous PTO Policy
Support work life balance with Unplugged Days
Flexible WFH Policy
Mental & Physical Wellness programs
Phone and Internet Reimbursement program
Access to Continued Career Development
Comprehensive Benefits and Competitive Packages
Paid Volunteer Time
Employee Resource Groups