Senior Director, Compliance
About the role
The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board's information systems and processes. This dedicated team facilitates information security governance and compliance by assessing College Board's vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2) and obtaining related compliance certifications, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative training and phishing campaigns.

As the Senior Director, Compliance, you will lead College Board's external compliance program, contributing to the successful execution of SOC 2, ISO 27001, and PCI DSS audits in partnership with GRC leadership and internal stakeholders. You will work closely under the guidance of GRC leadership to coordinate with external auditors and ensure controls are designed, implemented, documented, and operated effectively within College Board's cloud-based systems. Acting as a technical authority for compliance, you will translate framework requirements into practical, auditable technical controls and work closely with engineering and infrastructure teams to embed compliance into system design and day-to-day operations. The role leads the ongoing development of the compliance program by helping define and mature the compliance strategy, standardize processes and evidence practices, and collaborate cross-functionally with technical and non-technical stakeholders to drive accountability, continuous audit readiness, and scalable compliance delivery.

In this role, you will:

Compliance & Audit Execution (40%)
- Lead the execution of external compliance audits (SOC 2, ISO 27001, PCI DSS) by assisting with audit planning, scope definition, evidence strategy, walkthrough coordination, issue resolution, and successful delivery of audit results in partnership with GRC leadership.
- Act as a key liaison to external auditors, leading audit communications, responding to information requests, participating in audit discussions, and providing technical context and judgement on findings, clarifications, and interpretation of requirements.
- Partner closely with internal stakeholders and control owners across business areas, engineering, legal, and operations to align on audit scope, control responsibilities, evidence requirements, and remediation plans throughout the audit lifecycle.
- Lead control readiness and continuous audit preparedness by working with control owners to help ensure controls are designed, implemented, documented, and operating effectively throughout the audit period.

Compliance Strategy & Program Maturity (20%)
- Lead the development and execution of College Board's compliance strategy and roadmap, focused on SOC 2, ISO 27001, PCI DSS, and related frameworks, ensuring alignment with business objectives and cloud-native operating models in collaboration with GRC leadership.
- Contribute to the maturation and scalability of the compliance program by helping standardize control design, documentation, evidence collection, and operating procedures to improve audit efficiency, consistency, and repeatability year over year.
- Lead the establishment and ongoing operation of the compliance governance processes, including control ownership, compliance monitoring, issue tracking, and exception management, to help maintain sustained audit readiness and control effectiveness.
- Promote a culture of continuous compliance readiness, working with stakeholders to embed compliance requirements into day-to-day operations and technical workflows rather than treating audits as point-in-time events.
- Identify opportunities to mature the compliance program through automation, continuous monitoring, improved evidence practices, and more scalable audit readiness processes.

Technical Security & Compliance Lead (20%)
- Provide technical leadership on compliance-driven control design and implementation, ensuring SOC 2, ISO 27001, and PCI DSS requirements are translated into effective, auditable controls within cloud-native environments.
- Provide guidance and expertise during compliance assessments and audits, leading control walkthroughs, validating control operation, and confidently explaining system architectures and security mechanism