
Director of Governance, Risk, and Compliance (GRC)

Southern Graphic Systems, LLC
life insurance, flexible benefit account, long term disability, 401(k), remote work
United States, Kentucky, Louisville
626 West Main Street (Show on map)
Sep 23, 2025
Description

Overview

Propelis, a renowned global brand services agency, is seeking a visionary Director of Governance, Risk, and Compliance (GRC) to drive transformation in its enterprise security posture. Situated in Chicago, IL, with a flexible remote work arrangement, this leadership role presents an exciting opportunity to shape and mature Propelis' governance, risk, and compliance programs on a global scale.

Reporting directly to the SVP & Chief Information Security Officer (CISO), the Director of GRC will act as a strategic partner to executive leadership and business units worldwide. The successful candidate will lead a critical function, blending high-level strategy with hands-on execution, and will be central to ensuring Propelis fulfills its commitments to regulatory agencies, clients, and contractual stakeholders. This role also emphasizes building a risk-aware culture to empower the organization to operate and grow confidently in a rapidly evolving landscape.

Key Responsibilities

Governance



  • Develop, implement, and maintain the Propelis GRC framework, aligning all relevant policies and standards to leading global benchmarks, including ISO 27001:2022, NIST 800-53r5, and HITRUST CSF.
  • Facilitate governance committees and engage with executive leadership to promote effective risk oversight and accountability throughout the organization.
  • Ensure GRC policies and standards are kept current, reviewed regularly, and consistently communicated across Propelis' worldwide operations.


Risk Management



  • Design and lead a robust Technology Risk Management (TRM) program, and participate in the Enterprise Risk Management (ERM) and cybersecurity risk programs, so that all three support Propelis' strategic vision and business objectives.
  • Maintain the corporate risk register, providing timely and actionable reporting on risk posture, emerging trends, and key risk indicators to senior leadership, including the CISO and CIO.
  • Articulate and manage Propelis' risk appetite and tolerance, ensuring these parameters remain aligned with evolving business strategies and client expectations.


Compliance



  • Oversee organization-wide compliance initiatives, including ISO 27001 certification, SOC 2, GDPR, HIPAA/HITRUST, PCI DSS, and additional regulatory or contractual requirements as needed.
  • Serve as the primary liaison to internal and external audit teams, leading efforts to ensure audit readiness, manage client assessments, and address findings proactively.
  • Promote automation and continuous monitoring within compliance processes to minimize manual effort and enhance overall assurance and transparency.


Third-Party Risk



  • Lead the vendor risk management program, ensuring comprehensive supplier due diligence, ongoing monitoring, and rigorous contractual compliance.
  • Partner with Procurement and Legal teams to embed security and compliance requirements into all phases of vendor engagement and relationship management.


Leadership & Collaboration



  • Build, mentor, and empower the GRC function, fostering a culture of accountability, professional growth, and continuous improvement within the team and across Propelis.
  • Serve as a trusted advisor to the CISO and executive leadership, offering expert counsel on governance, risk, and compliance matters to inform decision-making at the highest levels.
  • Collaborate closely with IT, Legal, Finance, Operations, and business units worldwide to seamlessly integrate risk and compliance considerations into daily operations and strategic initiatives.


Qualifications



  • Bachelor's degree in Information Security, Risk Management, Business, or a closely related discipline required.
  • Minimum of 7 to 10 years of progressive experience in governance, risk, compliance, or information security, including at least 5 years in a leadership or management role.
  • Deep knowledge of international frameworks and regulatory standards, including but not limited to ISO 27001/27005, NIST 800-53, HITRUST CSF, SOC 2, PCI DSS, HIPAA, and GDPR.
  • Proven record of success in implementing enterprise risk management programs and compliance initiatives within complex, global organizations.
  • Exceptional communication skills, with the ability to influence executive stakeholders and convey technical risk concepts in precise, business-oriented language.


Preferred certifications include:



  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • CISSP (Certified Information Systems Security Professional)
  • ISO 27001 Lead Implementer/Auditor


Personal Attributes



  • Strategic thinker with a demonstrated ability to balance risk reduction and business enablement, ensuring security and compliance support, rather than hinder, organizational growth.
  • Strong leadership presence, capable of driving accountability, setting direction, and inspiring teams across multiple geographies and domains.
  • Collaborative and pragmatic approach to governance, compliance, and risk management, fostering relationships and encouraging shared ownership of enterprise security goals.



Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

This is a remote position in the US. We are open to candidates in various states, with the exception of those residing in the following: AK, DC, ME, NH, NM, OK, HI, MS, MT, NV, NE, ND, SD, VT, WY, WV

Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay range for this position is $99,927 - $165,000 USD. Ultimately, in determining pay, we will consider the successful candidate's location, experience, and other job-related factors.

Group benefits currently include a selection of health care plans with prescription drug coverage, dental plan, vision plan, basic and supplemental life insurance, a flexible spending account for medical and dependent care expenses or a health savings account based on plan selection, short/long term disability and 401(k) Savings Plan.


Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.