IT Security Associate Director - Governance and IT Compliance Platforms

About the Role:

The Governance and IT Compliance Platform Lead is responsible for the strategic ownership, governance, and operational oversight of the organization’s Governance, Risk, and Compliance (GRC) platforms. This role ensures that security, risk, compliance, and audit processes are effectively supported by technology, aligned with organizational policies, and scalable to meet evolving regulatory and business requirements. The position partners with security leadership, IT, product development, legal, compliance, and business stakeholders to enable a consistent, automated, and efficient control environment across the enterprise.

Essential Duties and Responsibilities:

• Platform Strategy & Roadmap: Define and execute the enterprise GRC technology and platform strategy, ensuring alignment with security frameworks (e.g., NIST CSF, NIST 800-53, DORA, etc.).

• Platform Ownership: Serve as the primary owner of the GRC platform(s), overseeing configuration, integration, upgrades, managing platform changes and roadmap and optimization to meet enterprise needs.

• Process Enablement: Translate governance, risk, and compliance processes into platform workflows, dashboards, and reporting that support issue management, risk assessments, policy governance, evidence collection, risk register generation and alignment with organizational units.

• Stakeholder Engagement: Collaborate with information security, IT, compliance, operations, and legal partners in the development, integration, and operation of the platform and intertwined product strategies and roadmaps.

• Automation & Efficiency: Drive automation of risk and compliance processes to reduce manual effort, improve audit readiness, and increase sustainability of controls.

• Data & Reporting: Develop dashboards, analytics, and reporting to provide actionable insights to executives, regulators, auditors, and business leadership.

• Platform Governance: Establish platform governance standards, change control processes, and ongoing lifecycle management and own/drive cross-functional sessions and demand management mechanisms.

• Vendor Management: Manage relationships with platform vendors and system integrators, including licensing, renewals, escalations, and roadmap discussions.

• Leadership: Lead and mentor a small team of GRC platform administrators, analysts, or consultants as needed.

Skills:

• Deep understanding of IT risk, security, compliance, and audit frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, COBIT, SOX, HIPAA, PCI DSS).

• Strong technical knowledge of GRC platforms (e.g., ServiceNow IRM, Archer, MetricStream, OneTrust, or similar).

• Proven record of accomplishment of IT change management, system design, and technical product delivery.

• Experience designing automated workflows, integrations, and reporting dashboards.

• Excellent stakeholder management, communication, and executive reporting skills.

• Strong analytical and problem-solving abilities; able to balance risk, efficiency, and business needs.

• Familiarity with regulatory requirements in multiple jurisdictions (e.g., EU, US, APAC).

• Knowledge of IT processes such as change management, incident management, and CI/CD integration preferred.

• Ability to translate complex regulatory and risk requirements into system design.

Education 

Bachelor’s degree in computer science, information technology, or risk and governance

Preferred:

Master’s degree in computer science, information technology, or risk and governance

Certifications: Servicenow Integrated Risk Management (IRM) Implementer, CRISC, CISA, CISM, CISSP, CDPSE, or similar

Required Experience:

• 12-15+ years of demonstrated progressive experience in IT, Cybersecurity, IT Governance and Risk, and Platform / Tool / Product architecture and management

• 10 years hands on experience delivering and leading wide-scale GRC platform initiatives and products

• 8+ years of hands on experience managing GRC platforms and solutions spanning multiple data sources, systems, and systems of record culminating and a centralized GRC ecosystem

• 5+ years management, enterprise-wide transition, and/or transformation programs 

• Strong experience with various GRC and IT Security systems and platforms such as ServiceNow, and leading IT controls, compliance, scanning, vulnerability, and IT security tools and products

• Entrepreneurial mindset and proactive way to manage work.

• Able to deliver with limited oversight and take accountability of actions.

• Excellent presentation skills, both creating slides and delivering presentations to a variety of audiences.

Preferred Experience:

• Robust system architecture experience and ability to connect functional and operational requirements stemming from risk management and governance into practical cross-system integrations and platforms.

• Experience building or transforming GRC solutions from one to another, from scratch, and/or through expansion of existing capabilities

Travel:

Less than 25%

****Must be able to work hybrid onsite 8 days a month in one of our posted Wolters Kluwer Locations in Eastern time zone or Central time zone****

A comprehensive benefits package that begins your first day of employment. Additional Information: Wolters Kluwer offers great benefits and programs to help meet your needs and balance your work and personal life, including Medical, Dental, & Vision Plans, 401(k), FSA/HSA, Commuter Benefits, Tuition Assistance Plan, Vacation and Sick Time, and Paid Parental Leave. Full details of our benefits are available - https://www.mywolterskluwerbenefits.com/index.html 

Applicants may be required to appear onsite at a Wolters Kluwer office as part of the recruitment process.

Compensation: