College Board

Executive Director, Information Security Governance, Risk & Compliance

🇺🇸 Remote - US

🕑 Full-Time

💰 $160K - $230K

💻 Cybersecurity

🗓️ October 7th, 2025

ISO 27001

Edtech.com's Summary

College Board is hiring an Executive Director, Information Security Governance, Risk & Compliance to manage a team of 10 and lead security governance, risk management, and compliance initiatives. The role involves setting strategic vision, driving compliance with industry standards, enhancing risk assessment and reporting, and fostering strong organizational partnerships.

Highlights
  • Manage and support a 10-member ISGRC team, setting vision and priorities to meet organizational goals.
  • Develop and maintain partnerships across technology and business units to deliver business value.
  • Lead compliance efforts with frameworks including ISO 27001, PCI-DSS, and SOC2, ensuring risk reduction and certification maintenance.
  • Oversee AI risk management initiatives and integrate responsible AI governance practices.
  • Enhance disaster recovery and crisis management protocols in collaboration with stakeholders.
  • Experience with security audits, third-party risk management, and information security governance.
  • Strong leadership skills with ability to coach, inspire, and foster an inclusive team culture.
  • Bachelor's degree required; preferred certifications in Information Security and/or Privacy.
  • Compensation range: $160,000–$230,000 depending on experience and location.
  • Expected travel to Reston and New York offices up to 3-4 times per quarter.

Executive Director, Information Security Governance, Risk & Compliance Full Description

Executive Director, Information Security, Governance, Risk and Compliance (ISGRC) 
College Board – Risk Management 

Location: This is a fully remote role (east coast hours preferred). Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office). Preference for candidates in the New York City or DC areas; the Executive Director is expected to travel to the Reston and New York offices periodically for meetings. 
Role Type: This is a full-time position 
 
About the Team  
The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. This dedicated team of ten individuals facilitates information security governance and compliance by assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2) and obtaining related compliance certifications, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative training and phishing campaigns.    
  
About the Opportunity   
As the Executive Director, Information Security, Governance, Risk and Compliance (ISGRC), you manage a team of 10 employees and work across the organization to ensure compliance with information security standards, reduce risk, and add value. You are a strong and proven leader of both teams and functions, with a comprehensive understanding of security-focused governance, risk, and compliance functions, and of the technical systems and processes that you are assessing. You will set a compelling strategic vision and ambitious goals for the ISGRC team, driving the team’s development and engagement through the pursuit and achievement of those goals. You will use superior interpersonal and communication skills to build relationships across and beyond the organization, to explain the purpose and importance of the ISGRC function, including to non-technical audiences, and to advocate for the needs of the group and organization. You will protect, support, and enhance the College Board’s mission and functions rather than burdening or impeding them, maintaining a service orientation, drive for efficiency, focus on adding value, and organizational perspective on the role that ISGRC plays at the College Board.
 
In this role, you will engage in:  
 
Team Management (40%)   
  • Effectively manage, guide, and support ten team members to ensure they are engaged and working effectively with their respective teams towards accomplishing ISGRC and organizational goals.   
  • Set vision and priorities for the team, track and manage progress to goals, and provide coaching and support to ensure team members meet and exceed goals, remain engaged, and contribute meaningfully to our mission. 
  • Cultivate an inclusive and high-achieving culture that enables all team members to live out College Board’s Operating Principles effectively.  
  • Bring proven leadership experience and consistently embody College Board’s Manager Expectations in your work. 
 
Strategy & Communication (20%)   
  • Develop and maintain strong partnerships with leaders in Technology and the various business units, including by providing strong contributions that deliver business value.
  • Craft a compelling vision and strategic plan grounded in security-focused governance, risk, and compliance functions to directly reduce risk to the organization and ensure compliance with industry-recognized certifications (ISO 27001, PCI-DSS and SOC2) at all levels of the organization.
  • Drive internal efficiency and productivity and enhance ISGRC services through standardization, simplification, process re-engineering, cross-team alignment, and appropriate use of AI.   
   
Design & Implementation (40%)   
  • Assess and enhance ISGRC’s risk assessment and reporting, audit, compliance, policy, and security awareness activities to ensure compliance.    
  • Assess and enhance the assessment experience both organization-wide and for external vendors to reduce risk, add actual and perceived value, and increase efficiency.   
  • Manage technology-based systems that enhance information security assessments, facilitate efficient and meaningful analyses of data to evaluate compliance, and engage in requisite mitigation or remediation of risks to the organization.   
  • Identify metrics and design reports to be used across the organization to better understand information security risk and compliance.  
  • Drive the advancement of AI risk management at College Board through oversight of GenAI use case assessments, adherence to responsible AI principles, strategic integration of AI risk controls into enterprise frameworks, and representation of GRC on the enterprise AI Governance and Risk Committee. 
  • Partner with stakeholder teams on the development, maintenance, and continuous enhancement of disaster recovery and crisis management protocols, ensuring that escalation procedures, stakeholder communications, and playbooks address both information security incidents and broader enterprise crises (e.g., natural disasters, third-party outages), and validating such processes through auditing, testing, and tabletop exercises. 
  • Mature GRC functions with continuous controls monitoring capabilities. 
 
 About You  
  • Expertise in risk management techniques, information security, and privacy frameworks   
  • 10+ years of experience in security and/or general IT operational settings   
  • 7-10 years of experience in security audit, compliance, and third-party risk management   
  • Exceptional knowledge of InfoSec governance practices including risk, audit, policy and standard development, metrics development, and education and training   
  • Experience with audits such as ISO27001, SOC2, PCI, or similar types of audits and third-party risk    
  • Understanding of risk and risk management    
  • Proven ability to set vision and direction, then manage others to meet aligned goals and metrics     
  • Adept problem-solving skills, including use and analysis of data to inform decisions and actions     
  • Excellent verbal and written communication skills, including the ability to negotiate, inspire, persuade, and facilitate meetings and presentations both remotely and in-person to your team and to other groups  
  • Proven ability to collaborate, build relationships, and influence others to action   
  • A strategic and inclusive leadership style: you set clear priorities, build effective team structures, plan for future needs, and foster a culture of belonging. 
  • A proven ability to drive performance and growth: you set high expectations, deliver real-time, evidence-based feedback, and coach team members to take smart risks, stretch their skills, and achieve meaningful impact. 
  • Ability to travel to our Reston or New York office up to 3-4 times per quarter   
  • Experience managing relationships with third-party resources and vendors    
  • Outstanding knowledge of emerging trends and best practices in the field of security-focused governance, risk, and compliance
  • Bachelor’s degree required, and one or more current Information Security and/or Privacy certifications preferred   
 
All roles at College Board require: 
  • A passion for expanding educational and career opportunities and mission-driven work 
  • Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and comfort with learning and applying new digital tools independently and proactively.  
  • Clear and concise communication skills, written and verbal 
  • A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input. 
  • A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking. 
  • A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success 
  • Authorization to work in the United States 
 
About Our Process   
  • Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days. 
  • While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, a performance exercise, a panel interview, a conversation with leadership and reference checks.    
 
What We Offer 
At College Board, we offer more than a paycheck: we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. We’re a self-sustaining nonprofit that believes in fair and competitive compensation grounded in your qualifications, experience, impact, and the market.
 
A Thoughtful Approach to Compensation 
  • The hiring range for this role is $160,000–$230,000. 
  • Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board. 
  • We aim to make our best offer upfront, rooted in fairness, transparency, and market data. 
  • We adjust salaries by location to ensure fairness, no matter where you live. 

You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process. Check out our careers page for more. 