IT Security Director, GRC Strategy, Platforms & Architecture Lead

Wolters Kluwer

Job Summary

As the IT Security Director and GRC Strategy, Platforms & Architecture Lead, you will serve as a senior leader responsible for the strategic direction, governance, and operational oversight of the organization’s Governance, Risk, and Compliance (GRC) platforms. This role drives the overall GRC strategy, ensuring that all aspects of cyber governance, controls, compliance, and risk operations are seamlessly integrated through people, processes, and technology. You will ensure that security, risk, compliance, and audit functions are effectively supported by scalable technology solutions aligned with organizational policies and evolving regulatory requirements. Partnering closely with security leadership, IT, product development, legal, compliance, and business stakeholders, you will enable a consistent, automated, and efficient control environment across the enterprise.

Must Have

  • Drive strategy across security governance, controls, compliance, and risk operations.
  • Accountable for executive level reporting, communications, and influence.
  • Act as a seasoned expert and advisor to CTC leaders in Controls, Risk Operations, and Policy Management.
  • Support control testing and compliance initiatives.
  • Define and execute enterprise GRC technology and platform strategy.
  • Serve as primary owner of GRC platform(s), overseeing configuration, integration, upgrades, and optimization.
  • Translate governance, risk, and compliance processes into platform workflows, dashboards, and reporting.
  • Collaborate with information security, IT, compliance, operations, and legal partners.
  • Drive automation of risk and compliance processes.
  • Develop dashboards, analytics, and reporting for insights.
  • Establish platform governance standards, change control processes, and lifecycle management.
  • Manage relationships with platform vendors and system integrators.

Good to Have

  • Familiarity with regulatory requirements in multiple jurisdictions (e.g., EU, US, APAC).
  • Knowledge of IT processes such as change management, incident management, and CI/CD integration.
  • Robust system architecture experience.
  • Experience building or transforming GRC solutions.
  • Master’s degree in computer science, information technology, or risk and governance.
  • Certifications: ServiceNow Integrated Risk Management (IRM) Implementer, CRISC, CISA, CISM, CISSP, CDPSE, or similar.

Perks & Benefits

  • Comprehensive benefits package (Medical, Dental, & Vision Plans, 401(k), FSA/HSA, Commuter Benefits, Tuition Assistance Plan, Vacation and Sick Time, Paid Parental Leave).
  • Bonus and Stock eligibility.
  • Flexible hybrid work schedule (2 days in office, 3 days remote).
  • Inclusive company culture.
  • Opportunities for professional growth.
  • Global well-being program.

Job Description


This position offers a flexible hybrid work schedule from our local office. (2 days in office, 3 days remote)

Essential Duties and Responsibilities

  • GRC Strategy: Understand and drive strategy across security governance, controls, compliance and risk operations to build scalable, functional, and timely solutions that enable scalable processes, high-quality outcomes, and enhanced risk management across the Company.
  • Executive Communication and Leadership: Accountable for executive-level reporting, communications, and influence to ensure that security Governance and IT risk operations platforms, architecture, and processes are enabled, integrated, and leveraged, and that decisions and outcomes are in line with Cybersecurity & Technology Controls (CTC) principles. Strong influence and communication skills are mandatory, and the leader must be able to manage a small team of contractors and employees spanning engineering and platform roles.
  • Controls, IT Risk Operations, and Policies/Standards Support: Act as a seasoned expert and advisor to other CTC leaders in Controls, Risk Operations, and Policy Management domains through collaboration, risk finding reviews, and policy/standard review and release management to support cross-team outcomes and book of work.
  • Compliance and Controls: Support control testing and compliance initiatives spanning Policy-Regulation analysis/crosswalks and gap identification, as well as potential evidence and control design reviews to enable unified compliance at scale with common controls programs.
  • Platform Strategy & Roadmap: Define and execute the enterprise GRC technology and platform strategy, ensuring alignment with security frameworks (e.g., NIST CSF, NIST 800-53, DORA, etc.).
  • Platform Ownership: Serve as the primary owner of the GRC platform(s), overseeing configuration, integration, upgrades, and optimization, and managing platform changes and the roadmap, to meet enterprise needs.
  • Process Enablement: Translate governance, risk, and compliance processes into platform workflows, dashboards, and reporting that support issue management, risk assessments, policy governance, evidence collection, risk register generation and alignment with organizational units.
  • Stakeholder Engagement: Collaborate with information security, IT, compliance, operations, and legal partners in the development, integration, and operation of the platform and intertwined product strategies and roadmaps.
  • Automation & Efficiency: Drive automation of risk and compliance processes to reduce manual effort, improve audit readiness, and increase sustainability of controls.
  • Data & Reporting: Develop dashboards, analytics, and reporting to provide actionable insights to executives, regulators, auditors, and business leadership.
  • Platform Governance: Establish platform governance standards, change control processes, and ongoing lifecycle management and own/drive cross-functional sessions and demand management mechanisms.
  • Vendor Management: Manage relationships with platform vendors and system integrators, including licensing, renewals, escalations, and roadmap discussions.

Additional Knowledge & Skills

  • Deep understanding of IT risk, security, compliance, and audit frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, COBIT, SOX, HIPAA, PCI DSS).
  • Strong background in IT control testing, implementation, regulation mapping and control design / evidence requirements.
  • Strong technical knowledge of GRC platforms (e.g., ServiceNow IRM, Archer, MetricStream, OneTrust, or similar).
  • Proven track record in IT change management, system design, and technical product delivery.
  • Experience designing automated workflows, integrations, and reporting dashboards.
  • Excellent stakeholder management, communication, and executive reporting skills.
  • Strong analytical and problem-solving abilities; able to balance risk, efficiency, and business needs.
  • Familiarity with regulatory requirements in multiple jurisdictions (e.g., EU, US, APAC).
  • Knowledge of IT processes such as change management, incident management, and CI/CD integration preferred.
  • Ability to translate complex regulatory and risk requirements into system design.

Job Qualifications

Education

Bachelor’s degree in computer science, information technology, or risk and governance

Preferred:

  • Master’s degree in computer science, information technology, or risk and governance
  • Certifications: ServiceNow Integrated Risk Management (IRM) Implementer, CRISC, CISA, CISM, CISSP, CDPSE, or similar

Required Experience:

  • 12-15+ years of demonstrated progressive experience in IT, Cybersecurity, IT Governance and Risk, and Platform / Tool / Product architecture and management
  • 12-15+ years’ experience in IT Security Governance, Compliance, Controls and strategy.
  • 10 years of hands-on experience delivering and leading wide-scale GRC platform initiatives and products
  • 8+ years of hands-on experience managing GRC platforms and solutions spanning multiple data sources, systems, and systems of record culminating in a centralized GRC ecosystem
  • 5+ years of management, enterprise-wide transition, and/or transformation programs
  • Strong experience with various GRC and IT Security systems and platforms such as ServiceNow, and leading IT controls, compliance, scanning, vulnerability, and IT security tools and products
  • Entrepreneurial mindset and proactive way to manage work.
  • Able to deliver with limited oversight and take accountability of actions.
  • Excellent presentation skills, both creating slides and delivering presentations to a variety of audiences.

Preferred Experience:

  • Robust system architecture experience and ability to connect functional and operational requirements stemming from risk management and governance into practical cross-system integrations and platforms.
  • Experience building or transforming GRC solutions from one to another, from scratch, and/or through expansion of existing capabilities

Benefits:

A comprehensive benefits package that begins your first day of employment. Additional Information: Wolters Kluwer offers great benefits and programs to help meet your needs and balance your work and personal life, including Medical, Dental, & Vision Plans, 401(k), FSA/HSA, Commuter Benefits, Tuition Assistance Plan, Vacation and Sick Time, and Paid Parental Leave. Full details of our benefits are available - https://www.mywolterskluwerbenefits.com/index.html

Diversity Matters: Wolters Kluwer strives for an inclusive company culture in which we attract, develop, and retain diverse talent to achieve our strategy. As a global company, having a diverse workforce is of the utmost importance. We've been recognized by employees as a European Diversity Leader in the Financial Times, as one of Forbes America’s Best Employers for Diversity in 2022, 2021 and 2020 and as one of Forbes America’s Best Employers for Women in 2021, 2020, 2019 and 2018. In 2020, we placed third in the Female Board Index, and were recognized by the European Women on Boards Gender Diversity Index. Wolters Kluwer and all of our subsidiaries, divisions and customer/departments are Equal Opportunity / Affirmative Action employers.

Our Interview Practices

To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you—not a digital assistant. To help maintain this integrity, we ask that you remove virtual backgrounds, and we include in-person interviews in our hiring process. Please note that use of AI-generated responses or third-party support during interviews will be grounds for disqualification from the recruitment process.

Applicants may be required to appear onsite at a Wolters Kluwer office as part of the recruitment process.

Compensation:

150,500.00 - 268,900.00 USD

This role is eligible for Bonus and Stock.

Compensation range listed is based on primary location of the position. Actual base salary offer is influenced by a wide array of factors including but not limited to skills, experience and actual hiring location. Your recruiter can share more information about the specific offer for the job location during the hiring process.

Additional Information:

Wolters Kluwer offers a wide variety of competitive benefits and programs to help meet your needs and balance your work and personal life, including but not limited to: Medical, Dental, & Vision Plans, 401(k), FSA/HSA, Commuter Benefits, Tuition Assistance Plan, Vacation and Sick Time, and Paid Parental Leave. Full details of our benefits are available upon request.
