Director, Security Governance, Risk and Compliance
US - Austin, United States
Tricentis
Accelerate software testing to keep pace with Agile and DevOps - with the industry's most innovative automated software testing tools.
Our Security GRC team sits within Information Security and plays a critical role in earning and maintaining our customers' trust. We ensure we meet our duty of care to our customers, employees, and partners by creating effective governance for upholding internal security policies, distributing foundational security expertise across every department to create a strong security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. The team and this role partner closely with other security teams, Legal, Sales, HR, and many other teams at Tricentis.
The Director reports to the Chief Information Security Officer and leads a team of professionals to oversee key programs and collaborates with business leaders to reduce business risk and support the Tricentis global growth strategy.
The Director will use collaborative change management tactics that build engagement, establish trust, effective relationships and ownership, and inspire enthusiasm across the company. This is a strategic leadership role with a strong hands-on component, requiring a mix of strategic forethought, people leadership, and hands-on execution.
The Director plays a critical role in corporate M&A processes and in customer and internal incident response, and will also be responsible for building and maintaining a forward-leaning compliance posture, using the global compliance and regulatory landscape as a guide to design and execute a strategic roadmap. If you hate silos, this is the company for you. This role will help build deeper layers of transparency and accountability while ensuring all roles have the visibility needed to drive appropriate planning, allocation, and delivery.
What You’ll Do:
- Lead and manage a global team to oversee security governance, risk, compliance, customer trust, and privacy activities, reporting directly to the CISO.
- Directly manage and own the security policies, procedures and controls with the goal of maintaining compliance to applicable regulations and beyond.
- Develop and implement a comprehensive information security risk management program, including risk strategy, self-assessment, and analysis programs.
- Foster strong relationships with internal stakeholders, external auditors, and vendors while managing M&A due diligence, training, and awareness initiatives.
- Oversee data governance, product certification, and compliance efforts to align with regulatory controls while optimizing engineering velocity.
- Configure and maintain GRC tools for compliance evidence collection, gap identification, and risk management.
- Collaborate with Privacy Counsel on ISO 27701 certification, lead security audits, and refine policies and practices to meet evolving regulatory requirements.
- Support sales and marketing teams with certification roadmaps, compliance reporting, and alignment of initiatives with executive leadership goals.
- Foster continuous partnership with the sales team to maintain trust and transparency with customers, ensuring clear communication of security and compliance efforts while addressing customer concerns and expectations.
- Create and manage a security M&A due diligence plan.
- Use management-by-influence to drive operational changes in a pro-active and supportive way that builds unity across corporate divisions.
- Work with the Marketing team to identify Level of Effort and ROI for new certifications while also ensuring that our Compliance & Certification efforts are adequately reflected in Marketing materials.
- Partner with engineering, product management, and customer-facing teams to create effective processes that ensure we meet the needs of our customers in the most optimized and compliant way possible.
Who You Are:
- You are an empathetic leader that seeks to understand each project team member’s strengths and constraints.
- You have a willingness to “jump in” and empower stakeholders to be ‘editors’ instead of ‘authors.’
- You are comfortable at both the strategic and tactical level. You see the big picture and can create an inspirational vision, but you thrive in leading and executing strategic initiatives of your own.
- You have the ability to work directly with Individual Contributors while also preparing & presenting reporting for Senior Leadership.
- While you are not responsible for the Security of the product, you should have a high-level familiarity with standard Security concepts, as well as standard development frameworks such as Agile, DevOps, DevSecOps, etc.
- You should be comfortable interacting with external stakeholders such as CTOs, CISOs, and VPs of Procurement.
- You will assist in streamlining our revenue pipeline by responding to, and subsequently automating responses to, our customers' third-party validation activities.
Qualifications:
Experience:
- 10+ years of experience in Governance, Risk, and Compliance or a related field, with at least 3-5 years in a leadership or managerial position.
- Extensive experience in managing security policies, procedures, and controls in complex, highly regulated environments.
- Proven track record of leading audit activities, including internal assessments, external compliance audits and third-party vendor management.
- Experience in developing and implementing risk management programs, incident response strategies, and data governance.
- Strong understanding of industry standards and regulatory frameworks (e.g., GDPR, HIPAA, SOC 2, ISO 27001, ISO 27701, ISO 9001, ISO 42001, DORA, NIST).
- Strong understanding of the Secure Controls Framework (SCF) and experience in implementing, monitoring, and continuously improving security controls to mitigate risks and ensure compliance with industry standards and regulatory requirements.
- Experience in working closely with executive leadership, product teams, legal counsel, and external auditors to ensure alignment with business goals and regulatory compliance.
- Strong communication and leadership skills to influence decision-making and drive operational change across various departments.
Preferred Certifications / Experience:
- GxP / FDA / ICH (leading certification efforts)
- FedRAMP / FISMA (leading certification efforts)
- Sarbanes-Oxley Act (SOX) and financial reporting audits
- LogicGate Administration
- Information security certification or risk management certifications preferred (CISA, CISM, CRISC, CISSP)
- CIPP/E or CIPP/US (or equivalent experience)
- HIPAA & HITECH (leading certification efforts)
Why You’ll Love Working at Tricentis:
- We’re passionate creators – of products, of experiences and of the future of software testing automation.
- We offer great benefits like flexible working hours, 100% coverage of medical & dental premiums, and company paid volunteer days.
- We live our values of Customer Success, Continuous Innovation, One Team, Empowerment, and Give Back. Team members truly want the best for each other and the company. People are happy to share their insights and lend help when needed.
- Our commitment to diversity and inclusion runs deep. We actively seek out those with different perspectives and consciously take steps to ensure everyone has a voice. We want to make the best, most innovative products, and we need multiple perspectives to do that. That isn’t just lip service; we update our processes whenever we find a way to make them more inclusive.
- You will have the opportunity to make a real and meaningful impact for more than 1,800 global customers with the best continuous testing platform in the world.
Our Package:
- Flexible working hours (no core time)
- Market competitive salary and annual performance-based bonus
- Supportive and engaged leadership team
- Career path and professional and personal development
- 401(k) plan, full benefits package available
- Company paid Disability and Life Insurance
- Hybrid work environment
- Company paid holidays, PTO and volunteer days
Tricentis is proud to be an equal opportunity workplace. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.
About The Company:
Tricentis is the global leader in enterprise continuous testing, widely credited with reinventing software testing for DevOps, cloud, and enterprise applications. The Tricentis AI-based continuous testing platform provides a new and fundamentally different way to perform software testing: an approach that is totally automated, fully codeless, and intelligently driven by AI. It addresses both agile development and complex enterprise apps, enabling enterprises to accelerate their digital transformation by dramatically increasing software release speed, reducing costs, and improving software quality.
Founded in 2007, Tricentis has been widely recognized as the leader in enterprise test automation by all major industry analysts, including Forrester, IDC, and Gartner’s Magic Quadrant five years in a row. Tricentis has global offices throughout AMS / EMEA / APAC, including Austria, Australia, Belgium, Denmark, France, Germany, India, Poland, Singapore, Sweden, Switzerland, The Netherlands, the United Kingdom, and the USA.