Director, Information Security Governance, Risk, & Compliance

Genesys empowers organizations of all sizes to improve loyalty and business outcomes by creating the best experiences for their customers and employees. Through Genesys Cloud, the AI-powered Experience Orchestration platform, organizations can accelerate growth by delivering empathetic, personalized experiences at scale to drive customer loyalty, workforce engagement, efficiency and operational improvements.

We employ more than 6,000 people across the globe who embrace empathy and cultivate collaboration to succeed. And, while we offer great benefits and perks like larger tech companies, our employees have the independence to make a larger impact on the company and take ownership of their work. Join the team and create the future of customer experience together.

The Director, Information Security Governance, Risk, & Compliance will lead a group of Information Security Compliance professionals responsible for providing thought leadership and operational services related to the Information Security GRC program, shepherding the company through various compliance and regulatory requirements, and working with cross functional teams throughout the company to provide guidance, project management, and audit/assurance services for the implementation of security controls.

The Director, Information Security GRC will report to the Head of Information Security, Governance, Risk & Compliance and participate as a key member of the Information Security GRC Leadership Team.

Location: US Remote (not limited to the states that the job posting is tagged to)

Responsibilities:

• Implements a compliance program for portfolio of internal/external audits & certifications, ensuring documented and sustainable compliance practices across the enterprise.
• Implements compliance processes to automate and continuously monitor information security controls, exceptions, risks, testing, and evidence artifacts. Develops reporting metrics and dashboards.
• Assists control owners in defining responsibilities and control standards for regulatory and compliance goals – including but not limited to the following audits and certifications: SOX IT, PCI, HIPAA, SOC1/2, FedRAMP, HITRUST, ISO 27001/27017/27018, HDS, ISMAP, DORA, NIS2, Cyber Essentials, etc.
• Map and maintain common controls framework and control scope/applicability for portfolio of compliance initiatives and information security policies.
• Assists in the establishment of an Information Security GRC Center of Excellence by providing audit and assurance services to support portfolio of compliance projects.  Provide compliance subject matter expertise and advisory services to stakeholders / control owners.
• Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.  Evaluate & report any security/compliance risks to track as part of the enterprise risk register.  Consults on developing security standards, procedures, and controls to manage risks.
• Gather requirements and lead implementation of a centralized GRC tool & audit/certification document repository to manage compliance program information across the enterprise.  Work with business unit/product level compliance teams to drive and align to a shared enterprise compliance strategy and management approach/methodologies to ensure streamlined, lean, effective, and agile processes.
• Provides dashboards and reports based on regular assessments and testing of effectiveness and efficiency of controls.
• Manages and assists compliance staff in operational oversight of compliance program functions.
• Consolidates audit/assessment vendor partners and manages third party relationships/contracts.  Provide third party audit services to business units as needed.
• Facilitates responses for corporate-level compliance related customer/partner/third party requests.
• Practice Agile methodologies and promote/drive automation across all initiatives to promote a higher level of work quality and act as a model for others to emulate.

Qualifications:

• Bachelors Degree in Computer Science or equivalent field of study
• 10+ years of experience working with applicable information security management, governance, and compliance principles, practices, laws, rules and regulations
• 10+ years of experience in Information systems auditing, monitoring, controlling, and assessment process
• Proficiency in Risk assessment and management methodology
• Proficiency working with recognized IT Security-related standards and technologies.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals. This is a highly responsible position that requires both quantitative and interpersonal skills.
• Demonstrated project management, organizational and facilitation skills.
• Experience with business continuity planning, disaster recovery planning, auditing, and risk management, as well as contract and vendor negotiations.
• Excellent communication and presentation skills. Demonstrated ability to serve as an effective member of the senior management team and ability to communicate security-related concepts to a broad range of technical and non-technical management and staff.
• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
• CISSP and CISA/CISM certifications desired.

#LI-Remote

#LI-AR1

Compensation:

This role has a market-competitive salary with an anticipated base compensation range listed below. Actual salaries will vary depending on a candidate’s experience, qualifications, skills, and location. This role might also be eligible for a commission or performance-based bonus opportunities.  

Benefits:

• Medical, Dental, and Vision Insurance. 

• Telehealth coverage

• Flexible work schedules and work from home opportunities

• Development and career growth opportunities

• Open Time Off in addition to 10 paid holidays

• 401(k) matching program

• Adoption Assistance

• Fertility treatments

More details about our company benefits can be found at the following link: https://mygenesysbenefits.com

If a Genesys employee referred you, please use the link they sent you to apply.

About Genesys:

Genesys empowers more than 8,000 organizations in over 100 countries to improve loyalty and business outcomes by creating the best experiences for their customers and employees. Through Genesys Cloud, the AI-powered Experience Orchestration platform, Genesys delivers the future of CX to organizations of all sizes so they can provide empathetic, personalized experience at scale. As the trusted platform that is born in the cloud, Genesys Cloud helps organizations accelerate growth by enabling them to differentiate with the right customer experience at the right time, while driving stronger workforce engagement, efficiency and operational improvements. Visit www.genesys.com.

Reasonable Accommodations:

If you require a reasonable accommodation to complete any part of the application process or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you or someone you know may reach out to HR@genesys.com. You can expect a response from someone within 24-48 hours. To ensure we set you up with the best reasonable accommodation, please provide them the following information: first and last name, country of residence, the job ID(s) or (titles) of the positions you would like to apply, and the specific reasonable accommodation(s) or modification(s) you are requesting.

This email is designed to assist job seekers who seek reasonable accommodation for the application process. Messages sent for non-accommodation-related issues, such as following up on an application or submitting a resume, may not receive a response.

Genesys is an equal opportunity employer committed to equity in the workplace. We evaluate qualified applicants without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, marital status, domestic partner status, national origin, genetics, disability, military and veteran status, and other protected characteristics.

Please note that recruiters will never ask for sensitive personal or financial information during the application phase.