Position Summary:

The Director of IT Governance and Controls is responsible for overseeing and managing the IT governance and controls functions within Pax8. This role involves ensuring that the company adheres to regulatory requirements, develops policies and standards, and implements and assesses the IT controls environment. The Director will lead IT governance activities including audit activities, assess risk management processes, and implement security compliance programs to mitigate potential risks.

Essential Responsibilities:

• Develop and maintain security compliance policies, standards, and procedures in collaboration with key stakeholders (i.e., Legal, Compliance, HR, IT, etc.)
• IT Controls expertise including framework knowledge, implementation, and assessment of effectiveness. SCF experience is desireable.
• Oversee regular security assessments to ensure compliance with laws and regulations:
  • ISO 27001 recertification
  • SOC2 Type 2 annual assessment
  • PCI annual attestation
  • HIPAA annual compliance
  • Cyber Essentials – UK
  • Microsoft Supplier Data Protection Requirements (SSPA)

• Identify and address security compliance issues and risks.
• Collaborate with other departments to ensure a cohesive approach to implementing security policies, standards, and controls.
• Develop key metrics and report on effectiveness of policies, standards, and controls to senior management and regulatory bodies.

Ideal Skills, Experience, and Competencies:

• Extensive experience in security compliance, risk management, or a related field.
• In-depth understanding of the industry-specific regulations and standards.
• Strong understanding of security best practices and frameworks (e.g., ISO 27001:2022, SOC2, SCF).
• Experience in managing security compliance projects from initiation to completion.
• Proven track record of ensuring adherence to regulatory requirements and internal policies.
• At least ten (10) or more years of experience in security compliance, IT Audit, or related experience.
• Understanding of public cloud deployments and associated security risks and controls.
• Experience working in a Zero Trust focused security program.
• Excellent communication, interpersonal, and leadership skills.
• Strong sense of ethics and integrity in decision-making.
• Ability to work effectively with various departments and stakeholders.
• Competence in providing training and development on security compliance matters to staff.
• Proficiency in preparing and presenting security compliance reports to senior management and regulatory bodies.

Required Behaviors:

• Compassionate Candour—We aim to assist others with candid, actionable feedback.
• Seek to Understand—Be open, curious and committed to learning.
• We Before Me—Actively collaborate and seek out diverse perspectives to ensure a win for Team Pax8.
• Do What You Say—Take ownership and honor your commitments; prioritize and deliver.
• Light Up Learning—Be brave and try new ideas; be vulnerable and share your failures so everyone can learn from our mistakes.
• Driven by Passion—Connects personal passion to Pax8 mission, resilient in face of adversity and uncertainty in pursuit of mission.

Required Education & Certifications:

• B.A./B.S. in a related field or equivalent work experience

Compensation: