Director of Governance, Risk and Compliance - Global jobs in United States

Ashley Global Retail · 1 month ago

Director of Governance, Risk and Compliance - Global

Ashley Global Retail is the largest manufacturer of furniture in the world, established in 1945. They are seeking a Director of Governance, Risk and Compliance to develop and execute a comprehensive global GRC strategy, ensuring compliance with regulations and managing risks across the organization.

E-Commerce, Furniture, Lifestyle, Retail

Responsibilities

Develop and execute a comprehensive global GRC strategy aligned with organizational objectives, risk appetite, and business growth initiatives
Lead strategic GRC leadership initiatives including the development of executive risk dashboards and board-level risk reporting systems
Establish and maintain cyber risk reporting and metrics to be shared with the CISO
Direct the development, implementation, and ongoing improvement of GRC frameworks, measurement tools, and reporting mechanisms
Partner with business units to identify, assess, and prioritize key information security risks across all global operations
Ensure global compliance with all relevant regulations and standards including HIPAA, PCI-DSS, CCPA, NIST CSF, and SOC 2
Manage audit and regulatory readiness programs, ensuring timely closure of audit issues and continuous improvement of internal controls
Monitor legislative and regulatory changes affecting the business across all international markets
Serve as the key liaison with auditors and third-party partners during security assessments or investigations
Direct third-party and vendor risk management programs, including comprehensive vendor control validation frameworks
Oversee vendor reassessment processes and coordinate external audits to ensure compliance with organizational standards
Partner with legal, procurement, and business teams to assess and mitigate third-party risks
Establish governance frameworks for vendor relationship management and ongoing risk monitoring
Partner with the Vendor Management team to ensure vendor risk management is embedded in their processes
Oversee global vulnerability management programs including vulnerability assessment, patch management, and remediation tracking to ensure timely resolution of security exposures across enterprise assets
Lead enterprise-wide vulnerability scanning initiatives and coordinate with Cybersecurity teams to maintain comprehensive asset inventories
Establish vulnerability management SLA compliance metrics and drive continuous improvement in remediation timelines
Direct the implementation of automated patch management systems and ensure critical security updates are deployed within established timeframes
Lead policy and compliance management including policy creation, incident response protocols, crisis management procedures, and secure SDLC governance
Establish and enforce corporate policies, ethics programs, and training related to governance and compliance
Foster an organizational culture of accountability, transparency, and ethical business conduct
Drive continuous improvement initiatives across all GRC processes and procedures
Partner with legal, risk, audit, IT, operations, and business unit teams to protect organizational assets and reputation globally
Collaborate with executive leadership to ensure GRC considerations are integrated into strategic business decisions
Build and maintain relationships with internal and external stakeholders, including board members, regulators, and business partners
Translate complex regulatory and risk requirements into practical business guidance

Qualification

Governance, Risk, Compliance, Regulatory Compliance, Risk Management, Vulnerability Management, Cybersecurity, Audit Readiness, Vendor Risk Management, Policy Management, Cross-Functional Collaboration, Communication Skills

Benefits

Health, Dental, Vision, Employee Assistance Program
Paid Vacation, Holidays, and Your Birthday off
Generous Employee Discount on home furnishings
Professional Development Opportunities
Ashley Wellness Centers (location specific) and Medical Tourism
Telehealth
401(k) and Profit Sharing
Life Insurance

Company

Ashley Global Retail

Who We Are: Ashley is the largest furniture store brand in North America—a distinction we’ve held since 2005.

Funding

Current Stage
Late Stage

Leadership Team

Caitlin Carnahan
Marketing Manager, Brand Partnerships
Christopher Wantlin
Chief Retail Officer
Company data provided by crunchbase