Director, Governance, Risk & Compliance
Infoblox · Tacoma, WA · Today
HybridFull-time
Director, Governance, Risk & Compliance
We are seeking a Director, GRC to lead our Information Security team based in Tacoma, WA. This role reports to the Chief Information Security Officer.
- Lead and mature the enterprise GRC program: Own policy, user education, risk management, audit and certification, SOX IT general controls (ITGC), customer trust, vendor assurance, and business continuity/disaster recovery for the enterprise.
- Drive a multi-year automation and AI roadmap: Design workflow automation, AI-enabled processes, and continuous control monitoring that reduce manual effort and improve control quality and transparency.
- Lead internal and external audits: Coordinate evidence collection, remediation, and stakeholder alignment for SOC 2 and ISO certifications.
- Manage SOX ITGC compliance: Align controls, testing, documentation, and automation to support public-company readiness.
- Lead enterprise risk assessments: Implement ISO and NIST frameworks, maintain risk registers, treatment plans, and scalable reporting processes.
- Implement and optimize GRC tooling: Manage customer trust activities, including security questionnaires, RFX support, trust portal content, and third-party risk for key vendors and providers.
- Lead and mentor a distributed GRC team: Embed security, compliance, and scalable control practices across the business.
- Drive continuous improvement: Document, measure, track exceptions, and expand use of AI and automation across GRC operations.
Qualifications
- 15+ years of experience in governance, risk, and compliance and/or information security and risk management, with direct ownership of controls, audits, and enterprise compliance programs.
- Functional knowledge of CISSP security domains and information security industry standards and best practices; CISSP preferred.
- Strong understanding of applicable security regulatory requirements such as SOX and GDPR, including IT general controls.
- Functional knowledge of ISMS governance models and frameworks such as ISO 27001, NIST CSF, and CAIQ, as well as common security certifications such as SOC 2, ISO 27017/27018, and ISO 42001.
- Demonstrated experience defining, developing, implementing, assessing, and scaling controls and risk management programs, with a strong track record of leading automation initiatives and applying AI to accelerate GRC processes.
- Hands-on experience with GRC platforms and workflow tooling such as ServiceNow GRC, AuditBoard, or similar solutions, including configuration and optimization of automated workflows, automatic evidence gathering, gen-AI tooling, and reporting.
- IT audit background with strong project management and organizational skills; able to work in a fast-paced, ambiguous environment while meeting objectives and deadlines.
- Ability to communicate risk methodologies, compliance priorities, and security concepts clearly to business stakeholders, with strong attention to detail, accuracy, integrity, security, and confidentiality.
- Bachelor’s degree in a relevant field such as Computer Science, Information Systems, Engineering, or Business, or equivalent practical experience; familiarity with FedRAMP certifications is a plus.
What You’ll Bring
- Experience leading and maturing GRC programs, including policy, risk, audit, certifications, SOX ITGC, and customer/vendor assurance.
- Strong understanding of security regulatory requirements and ISMS governance models.
- Proven experience in defining, developing, implementing, assessing, and scaling controls and risk management programs.
- Hands-on experience with GRC platforms and workflow tooling.
- Experience with automation and AI in GRC processes.
- Ability to communicate complex security and compliance concepts to business stakeholders.