Senior Director - Governance, Risk, and Compliance

Senior Director - Governance, Risk, & Compliance (GRC)

What success looks like in this role:

The Senior Director – GRC is a strategic leadership role responsible for

• Creating the vision for the GRC program
• Clear understanding of the business and how the GRC function can be a business enabler
• Support the CISO

This role ensures alignment with regulatory requirements, industry standards, and business objectives while providing executive oversight across risk, audit, compliance, and assurance functions.

The position partners closely with the internal teams - CISO, BISO’s, Corporate IT and cross-functional teams (Privacy, Legal, HR, Procurement, Corporate Real Estate), and external teams - Vendors and Customers to drive a risk-aware culture, strengthen control frameworks, and enable secure business growth.

Key Responsibilities

1. GRC Strategy & Governance

• Define and execute the enterprise GRC strategy aligned to cybersecurity and business objectives
• Establish governance frameworks, policies, standards, and operating models across GIS
• Provide executive reporting to CISO, senior leadership, and Board-level committees on risk posture and compliance status
• Drive continuous improvement of GRC maturity leveraging frameworks such as NIST CSF and ISO 27001

2. Risk Management (Cyber & IT Risk)

• Own the Cybersecurity area within the Enterprise Risk Management (ERM) program including risk identification, assessment, mitigation, and reporting
• Maintain and govern the centralized risk register in the GRC tool and ensure timely updates across BUs through the BISOs and other corporate functions.
• Define risk appetite, tolerance, and escalation mechanisms
• Facilitate risk-based decision-making processes including Policy exception and risk acceptance processes and criteria.

3. Compliance & Regulatory Management

• Ensure compliance with global and regional regulatory requirements (e.g., SOX ITGC, NIS2, DORA, GDPR, CRA as applicable)
• Govern adherence to industry standards and certifications:
  • ISO 27001, ISO 22301, ISO 20000 and ISO 9000
  • Corporate SOC 1 Type II, Client Specific SOC 2 Type II
  • NIST, PCI-DSS, Cyber Essentials Plus and other regional certifications
• Oversee internal controls design, testing, and remediation tracking
• Act as the primary escalation point for compliance risks and audit findings

4. Audit & Assurance

• Provide executive oversight for:
  • Internal audits (IA), external audits, and regulatory reviews
  • Audit planning, execution coordination, and closure of findings
• Govern audit partner relationships and ensure audit readiness across the organization
• Ensure effective remediation and closure of audit findings within defined timelines

5. Third-Party Risk Management (TPRM)

• Lead the enterprise TPRM program including:
  • Risk assessments of suppliers and partners
  • Security clauses in supplier contracts
• Partner with Procurement, Legal, and Privacy functions
• Ensure continuous monitoring of third-party risk posture through Security Rating tools

6. Policy, Standards & Control Framework

• Establish and maintain corporate information security policies, standards, and procedures
• Ensure alignment with control frameworks (ISO, NIST)
• Govern policy lifecycle management, including annual reviews, approvals, updates, and awareness.
• Standardize documentation and ensure consistency across GIS artifacts

7. Security Awareness & Culture

• Provide executive sponsorship to Security Awareness & Training programs
• Ensure alignment of training with risk landscape and organizational priorities
• Monitor effectiveness through metrics, reporting, and behavioral risk reduction

8. Business Continuity and Disaster Recovery  

• Define, implement and test Business Continuity and Disaster recovery plans across the defined scope of the enterprise.
• Work closely with the Enterprise Resilience team to align Business Continuity Plans with Corporate Crisis Management plans

9. Business & Client Engagement

• Support client security assurance activities:
  • RFP/RFI responses
  • Security questionnaires
  • Contract and security exhibit reviews
• Act as executive point of contact for key customers on security governance matters

10. Metrics, Reporting & Governance

• Define KPIs/KRIs for all domains of GIS and report out through Monthly automated dashboards.
• Lead governance forums such as: Risk Review Boards and Policy Exception Review Boards
• Drive data-driven decision making and transparency across stakeholders
• Preparation of slides for Board and CISO

11. Team Leadership

• Lead a global GRC organization including Risk, Compliance, Audit, TPRM, Policy, BCM/DR functions
• Provide leadership oversight to the GIS India associates as the ‘GIS India leader’ and build high-performing teams and ensure capability maturity

You will be successful in this role if you have:

Experience & Qualifications

• 18–25+ years in IT / Information Security with:
  • 12+ years in cybersecurity
  • 8+ years in GRC leadership roles
• Strong experience across:
  • Risk management, audit, compliance, and policy frameworks
  • Enterprise-scale GRC program leadership
• Prior experience interacting with:
  • Executive leadership (CISO, CIO, COO, Risk Committee)
  • Regulators and external auditors

Preferred Certifications

• CISA / CISM / CRISC / CISSP
• ISO 27001 Lead Implementer / Lead Auditor

Successful Candidate Will Have:

• Mature, scalable GRC operating model across geographies
• Strong audit outcomes with minimal findings and timely remediation
• Clearly articulated and quantified enterprise risk posture
• High stakeholder confidence (Risk Committee, Clients, Regulators)
• Measurable reduction in security and compliance risk

Reporting Structure

• Reports to: Chief Information Security Officer (CISO)
• Direct reports: Heads of Risk, Compliance, TPRM, Audit, Policy & BCM, Program Manager for Security Awareness

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

Local employment practices and rights may vary by jurisdiction and are subject to applicable local laws. This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers.

 

If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at GlobalRecruiting@unisys.com. US job seekers can find more information about Unisys’ EEO commitment here.

Experience Level

Senior Level