• Lead enterprise security and risk management efforts by identifying, assessing, and mitigating cybersecurity, operational, and compliance risks across the organization.
• Establish and enforce security governance frameworks, ensuring alignment with regulatory requirements, industry standards, and internal policies.
• Serve as a strategic advisor to senior leadership, providing insights on risk posture, emerging threats, and mitigation strategies to support business objectives.
• Collaborate with technical teams, business units, and governance functions to integrate security best practices into operations, programs, and service delivery.
• Drive continuous improvement of security and compliance processes, including risk assessments, audits, and remediation planning to strengthen overall organizational resilience.

Security Governance & Strategy

• Develop, implement, and maintain security and risk management strategies aligned with organizational goals
• Establish security governance frameworks, policies, standards, and procedures
• Ensure alignment with applicable regulatory, contractual, and compliance requirements (e.g., NIST, ISO, FedRAMP, HIPAA, CJIS, GCC/GCC‑H where applicable) 

Risk Management

• Identify, assess, and prioritize security, operational, and technology risks
• Maintain risk registers and facilitate risk reviews with stakeholders
• Define mitigation strategies and track remediation activities
• Provide risk impact analysis and reporting to executive leadership

Compliance & Audit

• Lead security compliance efforts, including internal and external audits
• Coordinate responses to audit findings and track corrective actions
• Ensure continuous compliance with security controls and governance requirements

Security Operations Oversight

• Oversee incident response planning and execution
• Collaborate with infrastructure, application, and network teams to address security gaps
• Support vulnerability management, access controls, and data protection initiatives

Stakeholder Engagement

• Act as a trusted advisor to leadership, program managers, and technical teams
• Translate technical security risks into clear business impact statements
• Coordinate with customers, vendors, and partners on security and risk matters

Documentation & Reporting

• Develop and maintain security documentation, including risk assessments, policies, and procedures
• Produce executive-level reports and dashboards on security posture and risk trends

• Bachelor's degree in information security, Computer Science, Risk Management, or a related field (or equivalent experience) 
• 8+ years of experience in information security, risk management, or governance roles 
• Strong knowledge of security frameworks, standards, and compliance requirements 
• Experience leading risk assessments, audits, and mitigation efforts 
• Ability to communicate complex security concepts to diverse audiences