What are the responsibilities and job description for the Senior Director, Cybersecurity Governance, Risk & Compliance (GRC) position at Infor?
Department: Information Technology
Location: Atlanta
Description
The Senior Director GRC at Infor will lead enterprise GRC at a global high-tech software company operating at the leading edge of cloud, AI, and enterprise SaaS. You'll shape the governance, risk, and compliance strategy for a complex, multi-cloud product portfolio serving customers across regulated industries worldwide — navigating an evolving global regulatory landscape that spans data privacy, AI governance, cloud sovereignty, and critical infrastructure protection.
Experience leading enterprise cybersecurity GRC programs at a high-tech, cloud-first software or SaaS company.
A Typical Day In The Life Includes
- Direct a high-performing GRC organization spanning risk management, compliance, audit, policy, and third-party risk. Mentor leaders, scale processes, and set the standard for operational excellence.
- Define and execute the enterprise cybersecurity GRC strategy — aligning governance frameworks, risk appetite, and compliance priorities with business objectives, product roadmaps, and customer commitments.
- Stay ahead of a rapidly shifting global regulatory landscape — GDPR, CCPA/CPRA, EU AI Act, NIS2, DORA, SEC cyber disclosure rules, state privacy laws, sector-specific mandates (HIPAA, PCI DSS, FedRAMP, CMMC, IRAP, C5), and emerging AI governance requirements. Translate change into actionable controls and customer-facing assurances.
- Build and operationalize the AI risk and governance program — model risk management, responsible AI principles, training data governance, AI system inventories, and alignment with NIST AI RMF, ISO/IEC 42001, and the EU AI Act. Partner with engineering and product on AI assurance for generative and agentic features.
- Own compliance posture across multi-cloud environments (Azure, AWS, GCP). Drive continuous control monitoring, automated evidence collection, and compliance-as-code to keep pace with rapid product innovation.
- Operate the enterprise cyber risk program — risk identification, quantification (FAIR or equivalent), treatment, and reporting. Provide clear, decision-ready risk insights to executives, the board, and audit committees.
- Lead external audits and certifications (SOC 1/2, ISO 27001/27701/42001, PCI DSS, FedRAMP, HITRUST, regional sovereign clouds). Build an audit-ready posture that scales with the business.
- Mature the TPRM and software supply chain risk programs — vendor due diligence, ongoing monitoring, SBOM governance, and contractual security obligations.
- Maintain a coherent policy and standards library aligned to NIST CSF 2.0, ISO 27001, CIS Controls, and SSDF. Drive adoption across engineering, IT, and business units.
- Partner with sales, legal, and product to support customer trust — RFPs, security questionnaires, trust portals, DPAs, and executive customer engagements in regulated sectors.
- Partner with security operations and legal on incident response governance, regulatory notification obligations, and breach disclosure readiness.
- Deliver clear, business-aligned reporting to the CISO, executive leadership, and the board on risk posture, compliance health, and program maturity.
- Experience across major frameworks and standards: NIST CSF 2.0, NIST 800-53, ISO 27001/27701/42001, SOC 2, PCI DSS, FedRAMP, HIPAA, GDPR, and emerging AI governance frameworks (EU AI Act, NIST AI RMF).
- Experience of multi-cloud environments (Azure, AWS, GCP) and modern compliance automation — continuous control monitoring, GRC platforms (e.g., ServiceNow IRM, Archer, OneTrust, Drata, Vanta), and compliance-as-code.
- Experience of AI/ML risk and governance — securing and governing generative AI, LLM-integrated products, model lifecycle, and AI supply chain.
- Experience of enterprise risk management methodologies, risk quantification (FAIR), and translating risk into business language.
- Experience of managing complex external audits and customer assurance programs at scale.
- Experience briefing boards, regulators, and enterprise customers with clarity and credibility.
- Experience balancing long-term program vision with pragmatic execution in a fast-moving product environment.
Our Values
At Infor, we strive for an environment that is founded on a business philosophy called Principle Based Management™ (PBM™) and eight Guiding Principles: integrity, stewardship & compliance, transformation, principled entrepreneurship, knowledge, humility, respect, self-actualization.
We have a relentless commitment to a culture based on PBM™. Informed by the principles that allow a free and open society to flourish, PBM™ prepares individuals to innovate, improve, and transform while fostering a healthy, growing organization that creates long-term value for its clients and supporters and fulfillment for its employees.
Infor is an Equal Opportunity Employer. We are committed to creating a diverse and inclusive work environment. Infor does not discriminate against candidates or employees because of their sex, race, gender identity, disability, age, sexual orientation, religion, national origin, veteran status, or any other protected status under the law. If you require accommodation or assistance at any time during the application or selection processes, please submit a request by following the directions located in the FAQ section.
Fraud Awareness
We have been made aware of unauthorized individuals posing as Infor recruiters, including some who have made fraudulent offers of employment. Please read our guidelines and protect yourself from recruitment scams.
Fraud Privacy Policy
We value your privacy at Infor. You may access our privacy policy here.
US Only
This employer uses E-Verify. Please visit this website for additional information.