Apply on Employer Site

Laserfiche · 5 hours ago

Director of Governance, Risk and Compliance

Long Beach, CA

Full-time

Hybrid

Director/Executive

$180K/yr - $230K/yr

7+ years exp

Laserfiche is a global leader in intelligent document management and business process automation, and they are seeking a Director of Governance, Risk & Compliance (GRC) to lead enterprise-wide governance, risk and compliance programs. This hands-on role will ensure the organization operates in alignment with regulatory compliance requirements, industry standards, and internal policies while enabling business agility and operational excellence.

Artificial Intelligence (AI)Business Process Automation (BPA)CMSDocument ManagementEnterprise SoftwareHuman ResourcesMachine LearningSaaSSoftware

No H1B

Responsibilities

Develop and lead the enterprise Governance, Risk and Compliance (GRC) program to ensure effective alignment between business objectives, risk management and regulatory compliance requirements

Provide hands-on leadership for AI and security governance, cybersecurity controls (SOC 2, ISO 27001, GovRAMP/FedRAMP, CMMC, NIST 800-53, CJIS, PCI), data privacy and regulatory compliance (EU AI Act, GDPR, CCPA, PIPEDA, HIPAA)

Partner with technology and business leaders to assess AI, technology and security risks, and ensure appropriate controls are designed, implemented, tested and operating effectively

Collaborate with ITS, Development and other departments to lead IT, security and business resiliency policy creation, maintenance, communication, training and enforcement across the enterprise

Safeguard Laserfiche information in accordance with Laserfiche Information Security Policies

Own and lead compliance and certification programs (SOC 2, ISO 27001, ISO 42001, ISO 9001, GovRAMP/FedRAMP, CCMC) that are aligned to industry standards and regulatory frameworks

Manage and conduct internal audits, risk assessments, third-party and vendor risk management assessments

Coordinate control self-assessments, remediation and risk treatment plans

Manage and update control matrices and risk registers; ensure controls are mapped to relevant frameworks and operating effectively

Manage continuous controls monitoring and risk reporting provided to external and internal stakeholders

Partner with Legal, ITS, Development, People and other organizations to operationalize privacy requirements

Oversee and perform data mapping and data inventory activities, ensuring accurate organizational understanding of data flows, risks and controls

Collaborate with Legal and other departments on performing DPIA/PIAs and other compliance initiatives

Lead the business continuity management program, including performing an annual business impact analysis (BIA), developing, testing and updating BCPs, and providing organizational training in collaboration with L&D

Coordinate with ITS on DR planning and testing, and working with executive stakeholders on updating and testing crisis management plans (CMP)

Collaborate with Sales, ITS, Development and Legal on sales enablement initiatives including responding to RFPs and customer questionnaires on security controls, data privacy, AI, BCM, DR and CMP

Serve as a subject matter expert on internal controls and security, and collaborate with Product Strategy, Development and ITS on product enhancements, features and security capabilities

Monitor Laserfiche security controls and compliance with customer contractual requirements

Qualification

GovernanceRiskComplianceCybersecurityData PrivacyAWS ServicesISO 27001NIST 800-53SOC 2IT Risk ManagementCompliance CertificationsProgram ManagementLeadershipCommunication SkillsOrganizational Skills

Required

Bachelor's degree in management information systems, IT audit, cybersecurity or related degree program is required

Minimum of 7+ years of experience in information security, IT risk management, compliance, or related GRC disciplines

Certification is required in a relevant area (e.g., CISA, CRISC, CISM)

Demonstrated leadership experience building or scaling enterprise GRC programs

Experience with industry regulations (e.g., HIPAA, GDPR, CCPA), GovRAMP/FedRAMP, NIST standards (NIST 800-53), ISO 27001 certifications, SOC 2 reporting and security assessments, and leading frameworks such as AICPA Trust Services Criteria

Strong understanding of privacy regulations and experience with operational privacy work (data mapping and flow diagramming, DPIAs, data governance)

Strong technical skills in cybersecurity, controls and AWS security audits; Big Four experience a plus

Excellent communication, presentation and negotiation skills, with the ability to influence internal and external stakeholders and write policies and controls documentation

Exceptional organizational and program management skills with a keen attention to detail

Ability to thrive in a fast-paced environment with competing priorities and deadlines

Ability to manage complex, cross-functional projects with internal and external stakeholders