Technology Governance, Risk & Compliance Director

The technology, governance, risk, & compliance (GRC) director oversees and drives the strategy and execution of the organization's technology risk management and compliance initiatives. This role focuses on defining, building, and implementing technology governance frameworks and processes from the ground up. Collaborating with senior leadership and cross-functional teams, the GRC Director ensures that technology risks are identified, mitigated, and aligned with regulatory and organizational goals. This is a strategic, hands-on role that requires strong leadership in influencing decisions and driving cross-functional collaboration.

Job Responsibilities

The intent of this job description is to provide a representation of the types of duties and level of responsibilities required of this position and is not intended to be an exhaustive list of all responsibilities, duties, and skills. Team members may be directed to perform job-related tasks others than those specifically stated in this description.

• Owns and drives the overarching technology governance, risk, and compliance (GRC) strategy, ensuring alignment with organizational goals and delivering measurable impact across all functions.
• Defines, builds, implements, and maintains technology-related risk management frameworks, policies, and procedures to identify, assess, mitigate, and monitor technology risks, ensuring compliance and regulatory alignment.
• Leads the development, execution, and management of the GRC program, collaborating with senior leadership and cross-functional teams to assess and prioritize technology risks, recommend solutions, and drive risk mitigation strategies.
• Leads technology strategic planning cycles, ensuring continuous prioritization, alignment, and integration of technology initiatives across the organization to ensure effective risk management and regulatory compliance.
• Guides cross-functional teams in defining and optimizing long-term technology governance strategies, establishing objectives, KPIs, and reporting mechanisms to ensure consistency, accountability, and alignment with business goals.
• Establishes measurable objectives for enhancing technology risk management and compliance, driving continuous monitoring and improvement of governance practices across the organization.
• Leads regular technology risk assessments and audits to ensure ongoing compliance, identifying vulnerabilities, and recommending corrective actions to drive continuous improvement and mitigate emerging risks.
• Establishes and promotes best practices for managing emerging technology risks, ensuring systems, processes, and teams remain secure, compliant, and aligned with industry standards.
• Partners with senior leadership and cross-functional teams to drive a unified approach to managing technology risks and compliance, ensuring alignment with organizational objectives and regulatory requirements.
• Navigates ambiguity and adapts to the evolving needs of the organization, developing and implementing effective technology governance, risk management, and compliance strategies.
• Stays current with GRC trends, changes in technology, and industry standards, proactively ensuring the organization remains ahead of the curve with innovative, relevant practices.

An equivalent combination of education, training, and experience will be considered.

• High school diploma or equivalent
• Minimum of 5 years of experience in technology governance or information risk management, or a related field
• Minimum of 5 years’ experience in finance/budget management
• Minimum 3 years’ experience in developing, communicating, and presenting technology governance concepts to executive leadership audiences
• Minimum 2 years’ management experience

• Master of business administration in computer science or information systems, or similar field
• 8+ years in technology governance, risk management, and compliance

A representation of the knowledge, skills, and abilities necessary to perform this job competently.

• Extensive knowledge of GRC best practices.
• Familiarity with FFIEC, SOC2, SDLC, GAAP and other industry standards related to governance functions.
• Proven experience in developing and leading GRC programs with a high proficiency in process design and optimization, project management, and multi-functional collaboration.
• Proven track record to get deep into program and business details to unblock projects.
• Ability to evaluate risks, understand control and develop governance processes to support the company and complex issues, develop consensus, raise awareness, and provide and implement solutions.
• Strong communicator at all levels.
• Collaborative mindset and the ability to influence indirectly.
• Experience in banking, payments, or similarly regulated industries.
• Understanding of the NIST framework and other associated cyber security standards.
• Effective in building relationships with organizational leaders and influencing senior management.

Environmental or atmospheric conditions commonly associated with the performance of this job’s functions.

• Remote work environment with the utilization of on-line technology, including various computer programs and systems.

The physical demands described below are representative of those that must be met by an employee to successfully perform this job’s essential functions. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

• Ability to work at a computer in a stationary manner up to 8 hours daily.

Together Credit Union is an Equal Opportunity employer. The Credit Union complies with appropriate federal, state, and local laws and provides equal employment opportunities without regard to race, color, religion, gender, age, sexual orientation, gender identity, national origin, veteran status, disability, or any other protected status to all qualified applicants and employees. Together Credit Union is committed to a policy of non-discrimination and dedicated to providing a positive discrimination-free work environment.