Director, IT Audit & Compliance

Profile

The Director, Cybersecurity (Audit & Compliance) is a senior leader responsible for directing the organization’s cybersecurity program, with the primary focus of ensuring robust governance, regulatory compliance, policy adherence, audit readiness and risk mitigation. This position leads efforts to protect sensitive data and systems while maintaining alignment with industry standards. They will oversee a team of individuals and collaborate with cross-functional leaders, internal audit, legal, and business unit stakeholders to embed a compliance-first cybersecurity culture.

Key Responsibilities

• Provide strategic leadership and oversight of the organization’s cybersecurity program by establishing a compliance-based approach to threat identification, vulnerability management, incident response planning, and security operations.
• Direct the implementation of technical controls, monitoring tools, and defensive measures to safeguard digital and physical assets.
• Foster cross-functional collaboration to integrate cybersecurity into business processes and technologies.
• Promote security awareness and training initiatives to build a risk aware culture.
• Directly responsible for establishing and implementing policies, standards, and procedures that foster compliance commensurate with regulatory and customer requirements, as well as third-party frameworks such as NIST, SOX, SOC2, ISO 27001, FedRAMP, and PCI-DSS.
• Continually analyze opportunities for process optimization and automation.
• Direct and perform internal and external audits at planned intervals and on an ad hoc basis. This includes the evaluation and validation of the design and operational effectiveness of technical, physical, and administrative controls to help reduce risk in the organization.
• Oversee the process to monitor open items from audits to ensure completion of remediation activities defined in the agreed action plans and risk treatment plans.
• Direct leadership teams to develop and expand continuous monitoring processes to strengthen confidence in Verra Mobilities compliance program.
• Ensure industry’s best practices and continually implemented and provide subject matter expertise support to the sales, product, and legal organizations.
• Act as the senior cybersecurity liaison and partner with cross-functional stakeholders to support cyber-insurance renewals.
• Oversee, develop, implement, and maintain the cybersecurity risk management program. This includes leading and directing both internal and external (third-party) risk.
• Develop and monitor key risk indicators and metrics; as well as other scorecards related to risk and compliance activities with an emphasis on continuous improvements.
• Support cybersecurity leadership in all activities related to risk management.
• Partner with Legal & Sales to respond to requests for proposals, requests for information, and customer contract reviews.
• Participate in Mergers & Acquisition activities.

Qualifications:

• Bachelor’s degree from an accredited university or 8 years’ experience in cybersecurity leadership role’s focused on audit and compliance.
• Articulate with strong business acumen and executive presence.
• SOX, NIST, ISO 27001, PCI, SOC 2 working experience and/or certification(s).
• CIA, or CISA (Other relevant certifications will be considered).
• Experience leading others and managing IT compliance audits. Inclusive of leading controls walkthroughs, interviewing stakeholders, gathering information, and identifying relevant information for documentation.
• Experience developing and implementing policies and procedures.
• Coachable and willing to learn with positive demeanor.
• Ability to take initiative and drive results.
• Excellent communication, leadership, interpersonal, and project management skills.
• Advanced IT audit skills.
• Ability to multi-task effectively and manage multiple priorities.
• Current on the latest technological advances and best practices within information security space.
• Proficient in Microsoft Office applications.
• Strong knowledge of risk management methodologies.
• Ability to quickly identify and document security policies, procedures and standards with little to no guidance.
• Successful completion of the Nlets fingerprinting background assessment.
• Must be locally located and okay working a 3 days in office hybrid model and 2 days remote.

Preferred Skills:

• Master’s degree in cybersecurity discipline.
• Strong technical acumen with (DoD Directive 8140 minimum) certification of CISSP or CompTIA Security+.
• Strong organizational and time management abilities with formal project management experience and/or certification(s).
• Experience in risk management theory and practice.
• Work well under pressure and respond to tight deadlines while exercising sound judgment.
• Ability to work collaboratively with diverse stakeholders and drive culture change.
• Experience working in GRC tools and risk assessment methodologies.
• Proficiency in Microsoft Office (i.e., excel xlookup, Power BI report building).
• Demonstrated ability to multi-task, respond to needs quickly and efficiently and prioritize work with a strong attention to detail.
• Must be a self-starter and possess the qualities to work efficiently, effectively, and autonomously with general supervision.
• Experience working in a regulated industry.
• Experience supporting privacy operations.
• Experience with ERP systems (e.g., Oracle, NetSuite, Great Plains, etc.).