Posted 1d ago

Director, IT and Governance, Risk & Compliance

@ Q4
United States or Canada or Brazil or Mexico
Remote, Full Time
Responsibilities: leading operations, managing security, driving governance
Requirements Summary: 7+ years in IT operations, information security, technology risk, or GRC with people management; strong knowledge of SOC 2/ISO 27001/NIST CSF/CIS; hands-on experience with IdP/IAM, MDM/EDR, logging/monitoring, and GRC platforms; program and audit experience.
Technical Tools Mentioned: SOC 2, ISO 27001, NIST CSF, CIS, IdP/IAM, MDM/EDR, logging/monitoring, GRC platforms, DR/BCP
Job Description

About the role

The Director, IT and Governance, Risk & Compliance (GRC) leads Q4’s IT operations, security operations, and technology governance programs to ensure a reliable, secure, and compliant internal environment for a high‑growth SaaS business. The role translates strategy into execution by running the programs, teams, and processes that keep Q4’s corporate environment available, secure, and audit‑ready, and acts as a senior security and risk subject‑matter expert for internal and customer‑facing stakeholders.

What you'll do

Strategy & Stakeholder Partnership

  • Translate enterprise technology, security, and GRC strategy into a clear roadmap with priorities, milestones, and success metrics.
  • Act as a senior security and risk SME, advising internal teams and customers on best practices, emerging threats, and pragmatic risk‑based decisions.
  • Run the portfolio of IT, security, and GRC initiatives as a formal program, coordinating cross‑functional delivery, timelines, and status reporting. 

IT Operations & Service Delivery

  • Lead IT operations to ensure infrastructure, end‑user computing, and collaboration platforms are reliable, secure, and cost‑effective.
  • Oversee incident, request, and change management; drive improvements in SLAs, MTTR, and employee experience.
  • Own standards for asset management and access lifecycle for employees and independent contractors. 

Security Operations & Risk Management

  • Manage day‑to‑day security operations: threat monitoring, alert triage, and coordination of incident response with Security and Engineering.
  • Maintain and test security incident response playbooks; coordinate periodic security testing and ensure remediation of findings.
  • Operate and improve vulnerability management; support DR/BCP planning; help manage security budgets and key security vendors. 

Governance, Risk & Compliance (GRC)

  • Lead technology GRC processes (policies, controls, risk registers, exceptions) and coordinate SOC 2 and customer security assessments.
  • Operationalize GDPR, CCPA, PIPEDA and other requirements into controls in partnership with Legal/Privacy, maintaining RoPA, DPIAs, and vendor/sub‑processor assessments.
  • Define and track KPIs/KRIs (e.g., incident SLAs, vuln closure rates, audit findings) and provide clear dashboards and reports to leadership. 

Business Systems & Enterprise Enablement

  • Partner with Business Systems, Product, and Data teams to ensure enterprise platforms and integrations meet security and governance expectations.
  • Contribute to architecture standards, access models, and data protection patterns across core systems.
  • Identify automation and tooling opportunities to reduce manual work and improve control coverage and data quality. 

People Leadership & Collaboration

  • Lead and develop a high‑performing IT and GRC team with clear goals and feedback.
  • Foster a culture of accountability, continuous improvement, and strong cross‑functional partnership.
  • Champion security, privacy, and technology best practices through training, communication, and engagement. 

Qualifications

  • 7+ years in IT operations, information security, technology risk, or GRC, including people management.
  • Strong knowledge of security and control frameworks (e.g., SOC 2, ISO 27001, NIST CSF, CIS) and privacy regulations (e.g., GDPR, CCPA, PIPEDA).
  • Hands‑on experience with IT and security tooling (IdP/IAM, MDM/EDR, logging/monitoring, GRC platforms).
  • Proven ability to manage multiple security/IT/GRC projects or programs with ownership of timelines, budgets, and stakeholder communication.
  • Track record supporting external audits and customer security assessments and communicating complex risk/technical topics in clear business language.