Jobs · Washington

Director, Governance, Risk & Compliance

Infoblox · Tacoma, WA · Today
HybridFull-time

Director, Governance, Risk & Compliance

We are seeking a Director, GRC to lead our Information Security team based in Tacoma, WA. This role reports to the Chief Information Security Officer.

  • Lead and mature the enterprise GRC program: Own policy, user education, risk management, audit and certification, SOX IT general controls (ITGC), customer trust, vendor assurance, and business continuity/disaster recovery for the enterprise.
  • Drive a multi-year automation and AI roadmap: Design workflow automation, AI-enabled processes, and continuous control monitoring that reduce manual effort and improve control quality and transparency.
  • Lead internal and external audits: Coordinate evidence collection, remediation, and stakeholder alignment for SOC 2 and ISO certifications.
  • Manage SOX ITGC compliance: Align controls, testing, documentation, and automation to support public-company readiness.
  • Lead enterprise risk assessments: Implement ISO and NIST frameworks, maintain risk registers, treatment plans, and scalable reporting processes.
  • Implement and optimize GRC tooling: Manage customer trust activities, including security questionnaires, RFX support, trust portal content, and third-party risk for key vendors and providers.
  • Lead and mentor a distributed GRC team: Embed security, compliance, and scalable control practices across the business.
  • Drive continuous improvement: Document, measure, track exceptions, and expand use of AI and automation across GRC operations.

Qualifications

  • 15+ years of experience in governance, risk, and compliance and/or information security and risk management, with direct ownership of controls, audits, and enterprise compliance programs.
  • Functional knowledge of CISSP security domains and information security industry standards and best practices; CISSP preferred.
  • Strong understanding of applicable security regulatory requirements such as SOX and GDPR, including IT general controls.
  • Functional knowledge of ISMS governance models and frameworks such as ISO 27001, NIST CSF, and CAIQ, as well as common security certifications such as SOC 2, ISO 27017/27018, and ISO 42001.
  • Demonstrated experience defining, developing, implementing, assessing, and scaling controls and risk management programs, with a strong track record of leading automation initiatives and applying AI to accelerate GRC processes.
  • Hands-on experience with GRC platforms and workflow tooling such as ServiceNow GRC, AuditBoard, or similar solutions, including configuration and optimization of automated workflows, automatic evidence gathering, gen-AI tooling, and reporting.
  • IT audit background with strong project management and organizational skills; able to work in a fast-paced, ambiguous environment while meeting objectives and deadlines.
  • Ability to communicate risk methodologies, compliance priorities, and security concepts clearly to business stakeholders, with strong attention to detail, accuracy, integrity, security, and confidentiality.
  • Bachelor’s degree in a relevant field such as Computer Science, Information Systems, Engineering, or Business, or equivalent practical experience; familiarity with FedRAMP certifications is a plus.

What You’ll Bring

  • Experience leading and maturing GRC programs, including policy, risk, audit, certifications, SOX ITGC, and customer/vendor assurance.
  • Strong understanding of security regulatory requirements and ISMS governance models.
  • Proven experience in defining, developing, implementing, assessing, and scaling controls and risk management programs.
  • Hands-on experience with GRC platforms and workflow tooling.
  • Experience with automation and AI in GRC processes.
  • Ability to communicate complex security and compliance concepts to business stakeholders.

Similar jobs