Senior Director – Governance – Risk & Compliance

Company: Major League Baseball
Location: New York, NY, USA
Salary: $190000 – $260000
Type: Full-Time
Degrees: Bachelor’s, Master’s
Experience Level: Senior, Expert or higher

Requirements

  • Completed a Master’s or Bachelor’s degree in Information Technology, Information Security, Cybersecurity, Computer Science, or a related field.
  • 8+ years of experience in governance, risk management, and compliance (focus on data privacy and protection preferred).
  • Strong understanding of PCI v4.0.1 standards, global data privacy laws and regulations (e.g., GDPR, CCPA), IT control frameworks (e.g., NIST CSF, ISO 27001), and risk assessment methodologies.
  • Strong attention to detail and a commitment to maintaining high standards and ethics.
  • Ability to work independently and manage multiple projects effectively.
  • Strong leadership and team management abilities.
  • Excellent written and verbal communication skills.
  • Exceptional analytical and problem-solving skills.
  • Proficiency in using GRC and risk management tools and software.

Responsibilities

  • Implement a practical GRC framework aligned with business objectives and regulatory requirements, integrating GRC processes across the organization and establishing executive-level controls.
  • Uphold internal governance policies, procedures, and standards to ensure adherence to regulations and to surpass industry benchmarks.
  • Continuously update governance policies and procedures, communicate effectively with stakeholders, and partner with peers to develop new standards as required.
  • Design and implement a comprehensive Enterprise Risk Management (ERM) program, including risk identification, assessment, mitigation, and monitoring strategies.
  • Conduct regular risk assessments, including PCI-DSS targeted risk analyses (TRAs), and develop comprehensive risk management plans for various business units and projects.
  • Ensure readiness for business operations continuity and disaster recovery in case of disruptions.
  • Implement and maintain a robust data classification framework to protect sensitive and confidential information.
  • Conduct security audits and assessments focused on Data Privacy, PCI-DSS, and SOC standards to evaluate and improve security controls and processes.
  • Maintain compliance with data privacy laws, including GDPR, CCPA, and other relevant regulations. Adapt GRC strategies in response to regulatory changes.
  • Oversee the vendor risk management (VRM) program, including risk reviews, contract management, and ongoing monitoring, to manage risks associated with third-party vendors and suppliers.
  • Increase organizational awareness of GRC principles and aid in creating internal training programs to improve employee knowledge.
  • Participate in an on-call rotation to respond to escalated security incidents.
  • Lead and mentor a small GRC team, fostering a culture of excellence and continuous improvement.
  • Report on the status of GRC initiatives and key risk indicators to executive management, clearly communicating complex GRC concepts and emerging risks.
  • Collaborate with stakeholders to embed GRC considerations into business strategy and operations.
  • Ensure effective communication and coordination of GRC activities with internal and external stakeholders, including Product, Legal, IT, Finance, and HR, to execute aligned GRC objectives.

Preferred Qualifications

  • Relevant certifications such as CISA, CGRC, CRISC, or similar are highly desirable.