
Sr. Director, Compliance

Job in Los Angeles, Los Angeles County, California, 90079, USA
Listing for: INSPYR Solutions
Full Time position
Listed on 2026-02-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 200000 USD Yearly
Job Description & How to Apply Below


This range is provided by INSPYR Solutions. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

$/yr - $/yr

Role: Sr. Director, Compliance
Location: Los Angeles 90094 (2-3 days on site)
Duration: Full Time, Direct Hire
Compensation: $200-2980k/yr.
Work Requirements: US Citizen, GC Holders or Authorized to Work in US

If interested, please contact Margot Parsons at or call

Summary
The E&IT Compliance Sr. Director will serve as a lead on all audit and compliance for Engineering and IT. This role will define and implement IT policies and procedures to ensure that Engineering and Information Technology (E&IT) adheres to its standards and other relevant controls. This role will drive compliance within E&IT that supports enterprise risk management at the overall organization level, and aligns with information security risk management.

The ideal candidate has in-depth knowledge of the ISO/IEC 27000 family of standards, and strong experience in information security risk management frameworks such as the NIST CSF, compliance, and audit processes within a technology-driven environment. This role will serve as a critical bridge between technical teams, business stakeholders, and executive leadership to drive a culture of security, compliance, and continuous improvement.

Key Responsibilities & Duties:

  • Implement the ISO/IEC 27000 family of standards within the organization, and ensure the organization's Information Security Management System (ISMS) is in compliance with the standards.
  • Develop and lead the organization's initial ISO/IEC 27000 certification and recertification efforts as our internal auditor and manage remediation plans to address compliance gaps.
  • Serve as the internal subject matter expert (SME) on the ISO/IEC 27000 family and interface with internal and external auditors, certification bodies, and regulatory agencies.
  • Assess information security risks in alignment with the Info Sec team and business objectives.
  • Create and maintain a library of E&IT policies, guidelines, processes, and controls to align with ISO/IEC 27000 standards and the NIST CSF framework.
  • Own the document governance and lifecycle of E&IT policies, guidelines, processes, and controls, ensuring they are audited and reviewed.
  • Collaborate with Planning, Risk Management, Legal, Engineering, Operations, and Business functions to integrate ISO-aligned standards and controls into business operations.
  • Regularly interact with senior business leaders to establish strategic plans and objectives.
  • Ensure all E&IT systems comply with security, regulatory, and governance standards, minimizing risks to business operations.
  • Monitor changes in the ISO 27000 family of standards and other relevant regulatory frameworks (e.g., NIST, SOC 2, GDPR) to adapt organizational policies accordingly.
  • Present reports and strategic insights to executive leadership, including risk assessments, audit outcomes, and compliance posture.
  • Build and lead a high-performing compliance and risk management function within E&IT and in collaboration with ICANN business functions.
  • Facilitate the development of a significant knowledge base in others; may define the role of staff members.
  • Other duties as assigned or requested within the scope of compliance, risk management, and audit.

Required Knowledge, Skills, and Abilities (KSAs):
(Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions)

  • Deep understanding of the ISO/IEC 27000 family of standards, including principles, controls, structure, and best practices, and experience in building a high-performing compliance and risk management program within a technical function.
  • Knowledge of how information security risk management frameworks, specifically NIST CSF, can crosswalk to the ISO/IEC 27000 family of standards.
  • Knowledge of how to perform risk assessments to identify vulnerabilities, threats, and impacts, and how to create risk treatment plans.
  • Knowledge of how to design and implement risk mitigation strategies, control measures, and residual risk evaluation.
  • Understanding of Compliance and Legal requirements around data privacy and contractual obligations.
  • Expertise in preparing for both internal and external audits, ensuring that controls and systems are compliant with ISO/IEC 27000.
  • Ability to develop, implement, and maintain information security policies, procedures, and guidelines.
  • Understanding of how information security fits into the larger governance framework of an organization.
  • Knowledge of incident response processes, Business Continuity Planning (BCP), and disaster recovery plans that are in line with ISO/IEC 27000 standards.
  • Ability to work cross-functionally and influence stakeholders at all levels.
  • Strong interpersonal communication skills and the ability to maintain effective working.
  • Ability to effectively facilitate meetings.

Education and Experience Requirements:

  • Bachelor's or Master's degree in Computer…