Director of Information Risk Management (IRM) Remote

View full description

Requirements:

• 10+ years of experience in information risk management, including leadership roles.
• Strong knowledge of industry standards and frameworks (ISO 27001, NIST, SOC 2, PCI DSS, etc.).
• Expertise in conducting risk assessments, gap analyses, and compliance audits.
• Experience advising on GRC tools, risk management platforms, or related technologies.
• Exceptional communication skills, with the ability to articulate complex risks to non-technical audiences.

Responsibilities:

• Develop and lead the IRM program to deliver comprehensive risk management services tailored to client needs.
• Collaborate with executive leadership to define the strategic direction of the IRM practice.
• Drive the adoption of risk-based approaches across client organizations, aligning security initiatives with business objectives.
• Oversee the identification, assessment, and prioritization of information security risks.
• Develop risk mitigation strategies, including policies, processes, and controls, ensuring compliance with frameworks such as ISO 27001, NIST, or SOC 2.
• Advise clients on third-party risk management, business continuity planning, and incident response readiness.
• Act as the primary point of contact for client engagements, ensuring exceptional service delivery.
• Conduct executive-level presentations to communicate risk findings, recommendations, and remediation plans.
• Build and nurture long-term client relationships, identifying opportunities for additional service offerings.
• Recruit, mentor, and lead a team of IRM professionals, fostering a culture of excellence and continuous improvement.
• Provide guidance on complex projects, ensuring deliverables meet or exceed client expectations.
• Stay abreast of emerging risks, threats, and technologies in the cybersecurity landscape.
• Contribute to thought leadership initiatives, including whitepapers, webinars, and industry events.