Director, Governance, Risk, and Compliance

Company: Hudl
Location: Omaha
Posted on: January 25, 2023

Job Description:

We're looking for a Director, Governance, Risk, Compliance to join our Security & Compliance team. If you're looking for the unique opportunity to stretch your leadership capabilities, embrace modern governance, risk, compliance practices through zero-trust strategies, use your builder mentality & lead with the heart of a teacher, you're in luck. You'll help shape the future of security at Hudl.
The Director, Governance, Risk, Compliance is responsible for managing & implementing GRC solutions, driving improvements, creating standards & policies, maintenance of re-usable & scalable solutions, and functioning as a subject matter expert on services provided to the organization. The Director, Governance, Risk, Compliance also builds and maintains strong relationships with multiple business, technical teams, and customers and ensures that the overall security strategy is aligned with both Hudl's strategic objectives and Security & Compliance's charter.
You'll maintain a subject matter expert level of knowledge in GRC, Enterprise Risk Management, security/compliance obligations, regulatory requirements & anticipate legislative/regulatory changes. You'll also architect, develop & implement the common control framework and regulatory compliance programs that support an "implement once, use many" philosophy. As the business evolves, you'll ensure the GRC functions are well positioned to satisfy customer expectations & industry obligations. The Director functions as a key leader within the Information Security & Compliance department and will lead a team of GRC analysts.
Our flexible work policy means you can decide where you want to work: our Lincoln HQ, our Omaha office or remotely within the majority of U.S. states (exceptions: Alaska, California, Colorado, Connecticut, Delaware, D.C., Hawaii, Maine, Montana, New York, New Jersey, New Mexico, New York, North Dakota, Oregon, Rhode Island, Vermont and Washington). #LI-Remote
You are

• 
  
• A leader. You're self-directed. You have the ability to develop & communicate a vision others will be compelled to follow. You'll serve as a governance, risk, compliance subject matter expert that supports the development, implementation & maintenance of GRC & associated frameworks for the enterprise. The best part - you'll actively train, coach, and develop team members.
  
• GRC & Privacy Adept. You'll create and maintain information security policies, standards and controls for the organization based on zero-trust principles and aligned to the ISO standard. You'll also oversee the information risk management process, including risk analysis and mitigation activities, and enhancing the Enterprise Risk Management (ERM) program.
  
• A strong communicator. You advise divisional leaders on risk issues related to control design, effectiveness, regulatory changes & risk appetite, and recommend actions in support of the changing global regulatory environment.
  
• Organized. Documentation and knowledge-sharing comes naturally to you. You value year-over-year improvements and monitor, measure & refine the execution of security plans against strategic & metrics: KRIs & KPIs
  
• A constant learner. You strive not just to learn, but to apply what you've learned in your personal and professional life. You understand current & emerging GRC changes, as well as staying abreast on new standards, and frameworks & integrate them into Hudl's existing enterprise architecture & design where applicable.
  
• Curious. You question the who, what, when, why, where & how with a desire for improvement. You're not satisfied with good enough - you aim to achieve best-in-class capabilities while maintaining efficiency & simplicity.
  
• Pragmatic. You can prioritize, clearly express tradeoffs and generate buy-in on a solution that's best for everyone while in alignment with organizational risk tolerance. You also serve as an informal mentor & advisor to less experienced staff. You have the unique ability to make appropriate decisions considering the relative costs, risks and benefits of potential actions
  
  You will
  
  • 
    
  • Execute strategies that improve the efficacy, efficiency & reliability of security governance, risk, compliance & privacy. Partner with the Data Protection Officer & Legal to mature the privacy program & support through the security program.
    
  • Lead others by empowering innovative approaches and motivating others to be proactive and resourceful. Train, coach, and develop team members
    
  • Apply your deep understanding of design and oversight of ISO 27001, 27002, 27701, 27017 & 27018. Refine controls under the guidance of zero trust principles.
    
  • Implement and lead all facets of Information Security Compliance, procedures and controls to assure compliance with applicable regulatory and legal requirements, including but not limited to General Data Protection Regulation (GDPR), Family Educational Rights & Privacy Act (FERPA), ISO 27001/2, SOC 2, etc.
    
  • Support enhancements driving the RFP, customer trust and due diligence process, & overhaul customer-facing security program documentation to greatly improve customer experience & improve sales velocity..
    
  • Cultivate relationships with business stakeholders (legal, privacy, engineering, product, leadership) and maintain an in-depth knowledge of strategic business plans in order to communicate. GRC/privacy decisions, plans, goals and strategies.
    
  • Provide reporting and metrics to senior leadership (KRI's & KPI's).
    
  • Assess, prioritize and effectively communicate the severity of issues to stakeholders.
    
  • Bring 8-10 years of relevant experience
    
  • Understand the applicability of FERPA, SOC 2 Type 2, ISO 27001/27002/27701:2019 and willingness to support a common control framework.
    
    We will
    
    • 
      
    • Champion work-life harmony. We'll give you the flexibility you need in your work life (e.g., flexible vacation time, company-wide holidays and timeout (meeting-free) days, remote work options and more) so you can enjoy your personal life too.
      
    • Guarantee autonomy. We have an open, honest culture and we trust our people from day one. Your team will support you, but you'll own your work and have the agency to try new ideas.
      
    • Encourage career growth. We're lifelong learners who encourage professional development. We'll give you tons of resources and opportunities to keep growing.
      
    • Provide an environment to help you succeed. We've invested in our offices, designing incredible spaces with our employees in mind. But whether you're at the office or working remotely, we'll provide you the tech stack and hardware to do your best work.
      
    • Support your mental and physical health. We care about our employees' wellbeing. Our Employee Assistance Program, employee resource groups and fitness partner Peerfit have you covered.
      
    • Cover your medicalinsurance. We have multiple plans to pick from to ensure you'll have the coverage you (and your dependents) want, including vision, dental, fertility healthcare and family forming benefits.
      
    • Contribute to your 401(K). Yep, that's free money. We'll match up to 4% of your own contribution.
      

Keywords: Hudl, Omaha , Director, Governance, Risk, and Compliance, Executive , Omaha, Nebraska