What are the responsibilities and job description for the Director of IT Governance, Risk and Compliance position at Orion Financial?
POSITION PURPOSE
The Director of IT Governance, Risk and Compliance provides strategic leadership and oversight of the organization's IT risk posture, governance frameworks, and regulatory compliance within a financial services environment. This role reports to the CIO and ensures alignment between IT risk management practices and the institution's risk appetite, while enabling secure, compliant, and resilient technology operations. The director serves as a key liaison to regulators and internal audit, leads enterprise IT risk programs, and partners closely with information security, legal, compliance, and business units to proactively identify, assess, and mitigate risk across systems, vendors, and emerging technologies.
Essential Functions And Basic Duties
EDUCATION/CERTIFICATION: Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field. Advanced degree preferred. Relevant certifications preferred (e.g., CISM, CRISC, CISSP, CISA)
REQUIRED KNOWLEDGE: Strong understanding of SOX, data privacy regulations, and technology compliance requirements.
EXPERIENCE REQUIRED: Ten or more (10 ) years of progressive experience in IT risk management, IT audit, information security, or governance within financial services or a highly regulated industry.
Deep expertise in IT risk frameworks, such as NIST, COBIT, ISO 27001, and regulatory environments.
Proven experience managing regulatory exams and audit engagements.
Skills/Abilities
Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership.
Demonstrated ability to lead complex risk programs and influence senior stakeholders, including executive leadership.
Very strong analytical & problem-solving skills
Successful candidates must pass pre-employment credit checks, background checks, and drug screens.
Orion Financial is an equal opportunity at will employer and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation, national origin or any other federal or state protected class. We maintain a drug-free workplace and perform pre-employment substance abuse testing. If you are unable to complete this application due to a disability, contact us to ask for an accommodation or an alternative application process.
The Director of IT Governance, Risk and Compliance provides strategic leadership and oversight of the organization's IT risk posture, governance frameworks, and regulatory compliance within a financial services environment. This role reports to the CIO and ensures alignment between IT risk management practices and the institution's risk appetite, while enabling secure, compliant, and resilient technology operations. The director serves as a key liaison to regulators and internal audit, leads enterprise IT risk programs, and partners closely with information security, legal, compliance, and business units to proactively identify, assess, and mitigate risk across systems, vendors, and emerging technologies.
Essential Functions And Basic Duties
- Define And maintain the IT risk management framework, ensuring alignment with enterprise risk appetite and business strategy.
- Develop and execute a multi year IT risk maturity road map, including governance, controls, and reporting enhancements.
- Provide executive level and board reporting on IT risk posture, trends, and emerging threats.
- Establish and oversee IT governance structures, policies, standards, and procedures.
- Lead enterprise IT risk assessments, including infrastructure, applications, and security architecture reviews.
- Identify vulnerabilities, evaluate risk exposure, and ensure timely mitigation of identified issues.
- Oversee risk acceptance processes and provide escalation authority for material IT and security risks.
- Review and challenge risk decisions, ensuring consistency with organizational risk tolerance.
- Serve as primary point of contact for IT regulatory examinations and audits.
- Manage IT exam life cycle, including preparation, coordination, and response.
- Oversee tracking, reporting, and remediation of IT findings from regulators and internal/ external audits.
- Maintain comprehensive documentation of audits, findings, and corrective actions.
- Interpret and operationalize regulatory requirements related to IT systems, data protection, and information security to include SOX, data privacy laws, and financial regulations.
- Develop and implement strategies to ensure ongoing compliance with applicable laws and standards.
- Partner with legal and compliance teams to monitor regulatory changes and assess impact on IT controls.
- Provide oversight of IT risk associated with third party vendors, including material risk vendor reviews and escalations.
- Collaborate with vendor management teams to ensure adequate controls and risk mitigation strategies.
- Assess risks associated with new technologies, products, and services, ensuring appropriate governance and control implementation.
- Partner closely with information security to align on security controls, risk assessments, and remediation priorities.
- Work with business and technology stakeholders to embed risk management practices into day-to-day operations.
- Promote a strong risk-aware culture across the organization.
EDUCATION/CERTIFICATION: Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field. Advanced degree preferred. Relevant certifications preferred (e.g., CISM, CRISC, CISSP, CISA)
REQUIRED KNOWLEDGE: Strong understanding of SOX, data privacy regulations, and technology compliance requirements.
EXPERIENCE REQUIRED: Ten or more (10 ) years of progressive experience in IT risk management, IT audit, information security, or governance within financial services or a highly regulated industry.
Deep expertise in IT risk frameworks, such as NIST, COBIT, ISO 27001, and regulatory environments.
Proven experience managing regulatory exams and audit engagements.
Skills/Abilities
Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership.
Demonstrated ability to lead complex risk programs and influence senior stakeholders, including executive leadership.
Very strong analytical & problem-solving skills
Successful candidates must pass pre-employment credit checks, background checks, and drug screens.
Orion Financial is an equal opportunity at will employer and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation, national origin or any other federal or state protected class. We maintain a drug-free workplace and perform pre-employment substance abuse testing. If you are unable to complete this application due to a disability, contact us to ask for an accommodation or an alternative application process.