Associate Director, Governance Risk and Compliance

S&P Global

Dadri

On-site

INR 20,00,000 - 30,00,000

Full time

Today

Job summary

A global financial information and analytics company in India is seeking a GRC Leader to architect a proactive GRC program. This role requires expertise in cybersecurity risk management across cloud environments, leading audit activities, and fostering a security culture. The ideal candidate should have over 12 years of experience in governance, risk, and compliance with strong capabilities in automation tools and team leadership.

Benefits

Exceptional learning opportunities
Engagement with senior management

Qualifications

  • Minimum 12 years of experience in GRC, risk management, or security assurance.
  • At least 5 years in a leadership role.
  • Outstanding verbal and written communication skills.

Responsibilities

  • Lead the GRC team providing risk coverage for cloud infrastructure and applications.
  • Design and implement real-time risk scoring engines.
  • Own Management Action Plans from creation to closure.

Skills

Risk management
Cloud security
Data Security Governance
Leadership
Automation tools
AI/ML risk frameworks

Education

Bachelor’s degree in Information Technology or Computer Science
Master’s degree or relevant certifications (CISA, CRISC, CISSP)

Tools

ServiceNow GRC
Drata
OneTrust

Job description

About the Role

Grade Level (for internal use): 12

The Team

Join our innovative organization as a GRC Leader with 12+ years of progressive experience in governance, risk, and compliance. You will architect and lead a proactive, automation‑centric GRC program within a high‑velocity AI‑native environment. This role is not about compliance checkboxes driven by external audits; instead, you will own the internal risk lifecycle end‑to‑end—from anticipatory cyber security risk identification to automated remediation—embedding security as a core business accelerator. You will build and lead a lean, high‑impact GRC team that operates with engineering rigor, data‑driven precision, and cultural influence.

The Impact

As the GRC Leader, you will lead proactive risk identification, quantification, treatment, and continuous monitoring across cloud environments (AWS, GCP, Azure), applications, AI/ML models, and data platforms. Your expertise will enhance our security posture by implementing real‑time risk scoring engines, automating evidence collection, and managing Management Action Plans (MAPs). You will also cultivate a security culture and ensure alignment with internal standards while leading assurance reviews and third‑party risk assessments.

What’s in it for you

This role offers exceptional learning opportunities and engagement with senior management across the company. You will collaborate with key stakeholders on meaningful projects, fostering daily professional growth. Your primary responsibilities will include leading the GRC team, developing audit coverage for new and emerging technologies, and leveraging cutting‑edge digital capabilities, including AI and data analytics, to enhance GRC activities.

Primary Duties and Responsibilities

  • Lead the GRC team, providing comprehensive risk‑based coverage for cloud infrastructure, applications, AI/ML models, and data platforms.
  • Work with the engineering team to design and implement real‑time risk scoring engines using behavioral analytics and anomaly detection.
  • Own Management Action Plans (MAPs) from creation to closure, driving accountability through automated workflows.
  • Transition from periodic reporting to continuous assurance with live dashboards and predictive risk signals.
  • Work with the engineering team to architect and operationalize automated evidence collection for 150+ controls using tools like ServiceNow GRC, Drata, or OneTrust.
  • Build self‑healing remediation playbooks to enhance operational efficiency.
  • Recruit, mentor, and lead a GRC team blending policy, automation, and data skills.
  • Launch a self‑service policy portal to enhance user experience and engagement.
  • Lead internal security assurance reviews and manage the third‑party risk lifecycle.
  • Maintain living mappings of internal standards to SOC 2, ISO 27001, and NIST AI RMF.

Requirements

  • Bachelor’s degree in Information Technology, Computer Science, or a related field; Master’s degree or relevant certifications (CISA, CRISC, CISSP, or equivalent) preferred.
  • Minimum of 12 years of experience in GRC, risk management, or security assurance, with at least 5 years in a leadership role.
  • Strong knowledge of cloud security (AWS, GCP, Azure) and AI/ML risk frameworks.
  • Proven ability to lead audits and manage multiple projects simultaneously in a fast‑paced environment.
  • Experience with automation tools for GRC workflows (ServiceNow, Drata, OneTrust, or equivalent).
  • Outstanding verbal and written communication skills, capable of presenting findings and recommendations to senior management and stakeholders.
  • Strong leadership and team management skills, with experience in mentoring and developing audit team members.
  • Strong data security governance experience.

Equal Opportunity Employer

S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.
