# Director, IT and Governance, Risk & Compliance

**Company:** [Q4 Inc](https://hotfix.jobs/companies/q4-inc)
**Location:** Remote
**Role:** IT Support
**Experience:** 7+ years
**Skills:** SOC 2, ISO 27001, Nist Csf, Cis, GDPR, CCPA, Pipeda, Idp/Iam, Mdm/Edr, Grc Platforms
**Posted:** 2026-06-22

> Leads IT operations, security operations, and GRC programs for a high-growth SaaS company. Manages infrastructure, risk, compliance, and a team while supporting audits and customer assessments.

## Job Description

## What you'll do

### Strategy & Stakeholder Partnership
- Translate enterprise technology, security, and GRC strategy into a clear roadmap with priorities, milestones, and success metrics.
- Act as a senior security and risk SME, advising internal teams and customers on best practices, emerging threats, and pragmatic risk‑based decisions.
- Run the portfolio of IT, security, and GRC initiatives as a formal program, coordinating cross‑functional delivery, timelines, and status reporting.

### IT Operations & Service Delivery
- Lead IT operations to ensure infrastructure, end‑user computing, and collaboration platforms are reliable, secure, and cost‑effective.
- Oversee incident, request, and change management; drive improvements in SLAs, MTTR, and employee experience.
- Own standards for asset management and access lifecycle for employees and independent contractors.

### Security Operations & Risk Management
- Manage day‑to‑day security operations: threat monitoring, alert triage, and coordination of incident response with Security and Engineering.
- Maintain and test security incident response playbooks; coordinate periodic security testing and ensure remediation of findings.
- Operate and improve vulnerability management; support DR/BCP planning; help manage security budgets and key security vendors.

### Governance, Risk & Compliance (GRC)
- Lead technology GRC processes (policies, controls, risk registers, exceptions) and coordinate SOC 2 and customer security assessments.
- Operationalize GDPR, CCPA, PIPEDA and other requirements into controls in partnership with Legal/Privacy, maintaining RoPA, DPIAs, and vendor/sub‑processor assessments.
- Define and track KPIs/KRIs (e.g., incident SLAs, vuln closure rates, audit findings) and provide clear dashboards and reports to leadership.

### Business Systems & Enterprise Enablement
- Partner with Business Systems, Product, and Data teams to ensure enterprise platforms and integrations meet security and governance expectations.
- Contribute to architecture standards, access models, and data protection patterns across core systems.
- Identify automation and tooling opportunities to reduce manual work and improve control coverage and data quality.

### People Leadership & Collaboration
- Lead and develop a high‑performing IT and GRC team with clear goals and feedback.
- Foster a culture of accountability, continuous improvement, and strong cross‑functional partnership.
- Champion security, privacy, and technology best practices through training, communication, and engagement.

## Qualifications
- 7+ years in IT operations, information security, technology risk, or GRC, including people management.
- Strong knowledge of security and control frameworks (e.g., SOC 2, ISO 27001, NIST CSF, CIS) and privacy regulations (e.g., GDPR, CCPA, PIPEDA).
- Hands‑on experience with IT and security tooling (IdP/IAM, MDM/EDR, logging/monitoring, GRC platforms).
- Proven ability to manage multiple security/IT/GRC projects or programs with ownership of timelines, budgets, and stakeholder communication.
- Track record supporting external audits and customer security assessments and communicating complex risk/technical topics in clear business language.

## Similar roles

- [Director, IT](https://hotfix.jobs/jobs/f68a9a46-0bca-47b0-93da-892cbf8334df) - Harvey - San Francisco, CA - $224k – $336k/yr
- [Sr. Director, IT and AI Transformation](https://hotfix.jobs/jobs/8868847c-81ee-4664-b828-7cb8462b5212) - 6sense - Remote - $204k – $275k/yr
- [Head of IT and Production Support](https://hotfix.jobs/jobs/e95d84a4-7366-40b7-a21e-351142738242) - Baton - San Francisco, CA - $180k – $230k/yr
- [Director, Applications & Business Systems](https://hotfix.jobs/jobs/97ad5962-46a4-4ea2-9bc1-60ba7e74ef76) - OpenLoop - Remote
- [Director, IT Services](https://hotfix.jobs/jobs/bf43b21c-6354-4701-b383-8d81e2213d68) - Justworks - New York, NY - $235k – $300k/yr

**Apply:** https://hotfix.jobs/jobs/e7fdce7b-a172-4526-9acd-39ee71d575c1
**Canonical:** https://hotfix.jobs/jobs/e7fdce7b-a172-4526-9acd-39ee71d575c1