
Job Overview
Location: Remote - USA
Job Type: Full-time
Category: Software Engineering
Date Posted: May 15, 2026
Full Job Description
- Lead and manage a team of four practitioners responsible for Security Policy, Security Awareness, Business Continuity, Vendor Risk Management, and the Information Security Risk Register.
- Ensure security policies and standards are maintained, updated, and fully operationalized across the organization, including oversight of communication, exception processes, and governance consistency.
- Oversee the execution of the organization’s security awareness program, delivering targeted training and campaigns aligned with key risk areas while monitoring engagement and effectiveness metrics.
- Coordinate and manage Business Continuity and Disaster Recovery governance activities, including oversight of Business Impact Analyses (BIAs), plan updates, testing exercises, and remediation of identified gaps.
- Maintain an accurate, actionable Information Security Risk Register by overseeing consistent risk identification, assessment, documentation, and escalation practices; support development of risk reporting for senior leadership.
- Ensure high-quality, standardized execution of the third-party vendor risk assessment program, including SOC 2 reviews, control analysis, and risk evaluation, while driving improved throughput and reduced cycle times.
- Collaborate effectively with Procurement, Legal, Privacy, Information Security, and business stakeholders to align on risk decisions, ownership, and remediation timelines.
- Review and negotiate data security language in critical procurement contracts, RFPs, and state contracts, developing tailored risk language to align with organizational requirements.
- Identify and prioritize opportunities to scale Governance and Risk processes through automation and AI agents, implementing tooling improvements such as OneTrust and KnowBe4 to reduce manual effort in assessments, evidence review, and reporting.
- Establish and monitor KPIs and KRIs to track team performance, program effectiveness, and continuous improvement across all governance and risk functions.
- Foster a culture of continuous improvement, accountability, and innovation within the team by setting clear vision, providing coaching, and driving high performance through evidence-based feedback.
- Promote inclusive leadership by building effective team structures, planning for future needs, and cultivating a culture of belonging and psychological safety.
- Communicate complex security risks, audit findings, and control gaps clearly and concisely to both technical and non-technical audiences, including executive leadership, to drive informed decision-making.
- Translate the value of governance and risk practices into clear business terms, demonstrating how strong risk management reduces organizational exposure, enhances resilience, protects trust, and advances the College Board’s mission.
- Travel up to 3-4 times per year to College Board offices or for business-related in-person engagements.
- Embrace a learner’s mindset by proactively experimenting with emerging technologies, adopting new AI-driven tools, and independently mastering digital solutions to enhance program effectiveness.
- Demonstrate strong planning, prioritization, and execution skills in fast-paced environments with multiple concurrent audit timelines, remediation efforts, and control dependencies.
- Uphold College Board’s Operating Principles and Manager Expectations, aligning all work with a mission-driven focus on expanding educational and career opportunities.
About College Board
College Board is a nonprofit membership organization founded in 1900 that develops and administers standardized tests, curricula, and programs to expand access to higher education. It owns and operates the SAT, PSAT, AP, and CLEP examinations, supports college planning tools, and partners with schools and universities to promote college readiness. The organization also offers scholarship search services and data-driven research reports on educational trends and equity.



