Assistant Director of GRC


Job Location: Arlington, TX - USA

Monthly Salary: Not Disclosed
Posted on: 8 days ago
Vacancies: 1 Vacancy

Job Summary

The Assistant Director, Governance, Risk & Compliance (GRC) provides operational leadership for the organization's information security program, including governance, risk management, assurance, compliance, and security awareness. Reporting to the CISO, this role is responsible for developing, implementing, and continually improving policies, standards, risk processes, and compliance activities that align with regulatory requirements, industry frameworks, and organizational risk appetite. This role serves as a key advisor to executive leadership, business partners, and technology teams, translating regulatory and security requirements into practical, scalable, and measurable programs that protect the organization while enabling business objectives.

Essential Duties And Responsibilities

Leadership & Collaboration - Lead the day-to-day functions of the Information Security department under the leadership of the CISO. Lead and support managers and individual contributors under their purview. Lead, mentor, and develop GRC team members and managers, fostering a high-performing and collaborative culture. Represent the Information Security Office in cross-functional initiatives and enterprise programs. Act as delegated authority for the CISO as appropriate. Assist the CISO in departmental office functions (i.e., budget and approvals) as needed.

Governance & Policy Management - Lead the development, maintenance, and lifecycle management of enterprise information security policies, standards, procedures, and supporting documentation. Ensure alignment with recognized security frameworks. Establish governance processes to ensure consistent policy adoption and exception management across the organization.

Enterprise Security Risk Management - Direct the information security risk management program, including risk identification, assessment, treatment, and monitoring. Oversee third-party/vendor security risk assessments and third-party continuous monitoring. Develop risk dashboards and executive-level reporting for the CISO, executive leadership, and governance committees. Evaluate and improve control design, implementation, and effectiveness across the security program.

Security Awareness & Training - Accountable for the enterprise cybersecurity awareness and training program. Define annual and role-based training requirements. Establish training metrics, reporting, and performance standards. Ensure audit-ready maintenance of training records and evidence.

Program Management, Projects & Metrics - Establish and monitor GRC program KPIs and KRIs to measure effectiveness, maturity, and risk posture. Drive continuous improvement through maturity assessments and benchmarking. Ensure accurate and timely reporting to the CISO and senior leadership. Oversee projects and initiatives for the Information Security Office. Develop and maintain the Information Security Office's business processes.

Compliance & Cyber Security Oversight - Lead compliance efforts related to applicable laws, regulations, and contractual obligations. Coordinate and manage independent security-related audits and assessments for compliance. Provide oversight of core cybersecurity programs, including but not limited to vulnerability management, incident response, and threat management, for effectiveness and compliance. Perform risk-based, limited control validation to independently confirm that key cybersecurity controls operate as described.

Minimum Qualifications
Bachelor's degree or relevant experience. Seven (7) years of progressive experience in information security, GRC, audit, risk, or compliance roles. Two (2) years of management or people leadership experience. CISSP or CISM required. Extensive knowledge of and experience in information security and risk management.

Preferred Qualifications
Master's degree in a related field. Additional certifications such as CRISC, CISA, or ISO 27001 Lead Implementer/Auditor. Experience supporting executive leadership or Board-level risk reporting. Experience in higher education. Experience in Texas State government.

Work Schedule
Monday to Friday; 8:00 am to 5:00 pm


Required Experience:

Director


About Company


An educational leader in the thriving North Texas region, UTA nurtures minds within an environment that values excellence, ingenuity, and diversity.
