Director, IT and Governance, Risk & Compliance

United States | IT Support | Remote | 7+ YOE

Summary

Leads IT operations, security operations, and GRC programs for a high-growth SaaS company. Manages infrastructure, threat monitoring, compliance audits, and a team of 4-5 while serving as a senior security SME.

About the role

Key Responsibilities

Strategy & Stakeholder Partnership

  • Translate enterprise technology, security, and GRC strategy into a clear roadmap
  • Act as a senior security and risk SME, advising internal teams and customers on best practices

IT Operations & Service Delivery

  • Lead IT operations to ensure infrastructure, end-user computing, and collaboration platforms are reliable, secure, and cost-effective
  • Oversee incident, request, and change management

Security Operations & Risk Management

  • Manage day-to-day security operations, threat monitoring, alert triage, and incident response
  • Operate and improve vulnerability management and support DR/BCP planning

Governance, Risk & Compliance (GRC)

  • Lead technology GRC processes, manage compliance programs, handle audits, and secure users
  • Operationalize GDPR, CCPA, PIPEDA and other requirements into controls in partnership with Legal/Privacy

Business Systems & Enterprise Enablement

  • Partner with cross-functional teams to ensure platforms meet security expectations
  • Identify and leverage AI tooling and integrations for workflow automation

People Leadership

  • Manage 4 to 5 direct reports within the existing team
  • Foster a culture of accountability and champion security best practices

Qualifications & Experience

  • 7+ years in IT operations, information security, technology risk, or GRC
  • Strong knowledge of security and control frameworks (e.g., SOC 2, ISO 27001, NIST CSF, CIS) and privacy regulations (e.g., GDPR, CCPA, PIPEDA)
  • Proven ability to manage multiple security/IT/GRC projects or programs with ownership of timelines, budgets, and stakeholder communication
  • Track record supporting external audits, customer security assessments, and communicating complex risk/technical topics in clear business language

Technology Stack

  • Productivity & Environment: Google Workspace Enterprise
  • Endpoint Management & Security: CrowdStrike
  • Identity Management: OneLogin (Windows and Mac environments)
  • Ticketing & Documentation: Jira Service Management and Confluence
  • Engineering Context: MERN stack and Playwright for automation

Skills

SOC 2, ISO 27001, NIST CSF, CIS, GDPR, CCPA, PIPEDA, Google Workspace, CrowdStrike, OneLogin, Jira Service Management, Confluence