Senior Director, Cybersecurity Governance, Risk, and Compliance
CFA InstituteCFA Institute is seeking a strategic, hands-on cybersecurity leader to build and mature our global GRC program—aligning risk reduction with business priorities, guiding enterprise policy and standards, and ensuring compliance across a complex regulatory landscape. If you love rolling up your sleeves to solve real-world governance, risk, and compliance challenges while advising executives and the board, this role is for you.
Please note: CFA Institute does not provide work authorization or visa sponsorship (including student or temporary worker visas) for this position.
What You’ll Do
Own the cyber GRC framework: Establish and continuously improve the organization’s IT and cybersecurity governance model to drive measurable risk reduction aligned with business objectives.
Set policy & standards: Develop, implement, and enforce global IT and cybersecurity policies, standards, and procedures that meet international and regional regulations.
Advise leadership: Lead the cybersecurity committee/working group; provide regular, executive-ready updates to senior leadership and the board on risk posture and program performance.
Run enterprise risk management for cyber/IT: Build and execute comprehensive risk assessment processes, identify vulnerabilities, prioritize mitigations, and track remediation to closure.
Manage third-party risk: Partner with IT, operations, and business units to assess and monitor vendor and partner risks across the lifecycle.
Measure what matters: Define KRIs and metrics to monitor risk levels and drive decisions, reporting trends and insights to stakeholders.
Lead compliance programs: Ensure and maintain compliance with global regulations (e.g., GDPR, CCPA) and frameworks (e.g., NIST, ISO 27001); lead internal/external audits and close findings.
Sustain certifications: Maintain and improve certifications and attestations (e.g., SOC 2, HIPAA, PCI DSS), coordinating with legal and privacy teams.
Build capability & culture: Lead and mentor a high-performing team; develop training and awareness to strengthen a security-first mindset across the organization.
What You’ll Bring
Minimum Qualifications
Bachelor’s degree in cybersecurity, computer science, information systems, or related field.
10+ years in cybersecurity with significant GRC leadership experience.
Deep knowledge of global frameworks and regulations (e.g., ISO 27001, NIST CSF, GDPR, CCPA).
Proven track record conducting risk assessments, leading audits, and sustaining compliance certifications (e.g., SOC 2, HIPAA, PCI DSS).
Strong leadership and program/project management skills with the ability to manage multiple priorities in a dynamic, global environment.
Excellent communication and stakeholder management skills, including presenting to senior leadership and boards.
Preferred Qualifications
Advanced degree in a relevant field.
Security certifications such as CISSP, CISM, and/or CRISC.
Experience establishing KRIs/metrics and executive dashboards for ongoing risk monitoring.
Demonstrated success leading third-party risk programs and cross-functional, global initiatives.
Experience designing and delivering enterprise security awareness and training.
Why Join Us?
Lead at scale: You’ll architect and drive a mission-critical GRC program with meaningful visibility at the executive and board levels.
Collaborate globally: Partner with privacy, legal, IT, and business teams to embed security into enterprise processes and strategic initiatives.
Flex your craft: A hands-on environment where your expertise directly improves resilience and reduces risk.
Work flexibly: Role is eligible for flexible working arrangements within approved U.S. jurisdictions.
At CFA Institute, we are committed to transparency and equity in our hiring process. In compliance with wage transparency laws in many of the jurisdictions in which we recruit, we provide the following information regarding compensation for this position:
Expected salary range: $190,000 - $230,000
Other benefits include eligibility for annual incentives, 12% retirement employer contribution, and competitive medical benefits.
All salary ranges are subject to adjustment based on experience, education, and other factors relevant to the position. CFA Institute is an equal opportunity employer and encourages applications from all qualified individuals.
#LI-ML1
About CFA Institute
CFA Institute are the global leader in investment excellence and ethics. With nearly 200,000 charterholders across 160 markets, we drive professional growth, ethical behavior, and better markets. We care about our employees’ well-being, offering industry-leading benefits like:
Comprehensive health coverage for you and your family
Generous leave and time off
Competitive retirement plans
Flexible work options
Wellness, education, and support programs
If you feel this opportunity could be the next step in your career, we encourage you to click “Apply” and complete our three-minute application.
Be part of a team committed to putting investors first and growing economies. Follow us @CFAInstitute on LinkedIn and X.
Important Message: Your application must clearly demonstrate how you meet the requirements as CFA Institute cannot make assumptions about your education, experience, or location. We thank all those who apply. Only those selected for further consideration will be contacted.
We are an Equal Opportunity Employer. CFA Institute prohibits both discrimination and harassment with regard to all identifying characteristics: any individual employee, group of employees, or prospective employee on the basis of race, color, national origin, citizenship or immigration status, religion, creed or belief, age, marital or partnership status, marital or family status, care giver status, pregnancy and maternity, sexual and other reproductive health decisions, physical abilities/qualities, disability, sexual orientation, gender, gender identity or expression, predisposing genetic characteristic, military or veteran status, status as a victim or witness of domestic violence or sex offense or stalking, unemployment status, infectious disease carrier status, migrant worker status, educational background, socio-economic status, geographic location and culture or any other basis protected by applicable law. This policy impacts all aspects of employment, including but not limited to, recruitment, hiring, compensation, training, development, promotion, demotion, layoff, recall, furlough, transfer, leave of absence, and dismissal. This is a global policy that applies to all CFA Institute employees, regardless of location.
If, due to a disability or current medical condition, you need an accommodation or assistance to complete a job application, you can request one at any stage of the recruitment process. Please send an email to humanresources@cfainstitute.org noting the accommodations or assistance you are requesting. Please do not include any medical or health information in this email. We will review your request and contact you to discuss the possible options and arrangements. We will try our best to provide you with an accommodation or assistance that meets your needs and respects your preferences.
Our application is not compatible with Internet Explorer (IE). We recommend using Chrome.