
Director - Governance, Risk and Compliance

External listing · FactSet · Norwalk, CT
Contract · Hybrid · Posted today
Skills: Compliance, Cross-functional Collaboration, Documentation, Information Security, Leadership, Mentoring


Responsibilities

  • Develop and implement an Information Security GRC strategy, aligning with business objectives, risk tolerance, security frameworks, and regulatory requirements, providing both short-term and long-term roadmaps.
  • Manage the lifecycle of security policies, standards, and procedures to comply with regulations and industry standards, including SOX, SOC2, ISO 27001, and DORA.
  • Oversee the implementation and management of the Security GRC platform to enhance visibility into organizational risk and compliance, while providing actionable intelligence on vendor and customer-facing security posture.
  • Lead and mature the third-party risk management and customer trust processes, including onboarding, risk assessments, audits, security documentation, and remediation efforts.
  • Define and monitor key risk and compliance indicators (KRIs/KPIs), implementing continuous monitoring to ensure vendor performance, customer assurance, and policy adherence are in line with program effectiveness and accountability.
  • Coordinate and support comprehensive technology audits and collaborate with external auditors to meet audit requirements and timelines, managing assessments of IT general controls and maintaining the enterprise cyber risk register.
  • Foster a cyber-aware culture by implementing training programs, managing a Security Culture Framework, and building a high-performing GRC team through leadership, mentoring, and development.
  • Partner with IT, security, and compliance teams to provide insights and guidance on risk mitigation strategies, control enhancements, and findings remediation, while communicating audit findings and recommendations to senior management.
  • Prepare and present regular reports to the executive team on GRC posture and initiatives, leveraging automated audit tools and data analytics for improved audit efficiency and insights.

Requirements

  • Bachelor's degree in Information Technology, Computer Science, or a related field. Master's degree is preferred.
  • 15+ years of experience in information security focusing on governance, risk and compliance domains.
  • Strong knowledge of IT risk assessment, IT General Controls, NIST framework, and other compliance frameworks.
  • Hands-on experience with third-party risk management programs, encompassing vendor assessments, contract clauses, remediation tracking, and customer trust initiatives.
  • In-depth understanding of application, endpoint, network, cloud and infrastructure security controls to validate control design and drive mitigation of identified gaps.
  • Expertise in deploying and managing GRC and automation platforms, and effectively translating risk data into executive dashboards and meaningful KRIs/KPIs.
  • Familiarity with AI tools and trends such as generative and agentic AI, with a willingness

Benefits

Flexible schedule

Additional Information

FactSet creates flexible, open data and software solutions for over 200,000 investment professionals worldwide, providing instant access to financial data and analytics that investors use to make crucial decisions. At FactSet, our values are the foundation of everything we do. They express how we act and operate, serve as a compass in our decision-making, and play a big role in how we treat each other, our clients, and our communities. We believe that the best ideas can come from anyone, anywhere, at any time, and that curiosity is the key to anticipating our clients' needs and exceeding their expectations.

Locations: Norwalk, CT | New York City
Working Environment: Hybrid

Your Team's Impact: The Information Security team at FactSet drives cybersecurity governance, risk, and compliance activities across the Technology organization. The team is responsible for ensuring that technology systems, infrastructure, and projects are effectively designed, managed and optimized to meet security and regulatory requirements. This includes promoting cross-functional collaboration to identify and remediate cyber risks consistently and reporting KRIs and KPIs.

We are seeking an experienced, proactive Cyber Risk Leader to serve as the Director of Governance, Risk, and Compliance. This critical role involves leading a global GRC team within the Information Security function, with responsibilities spanning strategic management of cyber risk, third-party risk, customer trust, and development of policies and standards. The successful candidate will collaborate with Technology, Compliance, Business, and Legal teams to update audit frameworks and assess cyber risks, partnering with internal and external auditors to support technology audits. In addition to providing strategic reports for senior management and guidance on regulatory alignment, the role demands input into technology decisions and crafting long-term strategic roadmaps. Reporting directly to the CISO, the ideal candidate will leverage deep technical knowledge, exceptional analytical skills, and strong collaborative abilities to drive measurable security outcomes and uphold FactSet's commitment to industry-standard compliance.
