Director, Governance, Risk, & Compliance (GRC)

Resideo

Austin, US

On-site

Why this role

Pace

Fast Paced

Collaboration

High

Autonomy

Medium

Decision Impact

Company

Role Level

Manager

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

established a modern cybersecurity GRC program
improved governance and risk management processes
enhanced board-level risk communication

Typical background

legal compliancecybersecurityrisk management

Transferable backgrounds

Coming from compliance officer
Coming from risk analyst

Skills & requirements

Required

Cybersecurity GovernanceRisk ManagementComplianceData AnalysisAI Application In Compliance

Preferred

Enterprise Risk ManagementBoard-level Communication

Stack & domain

CybersecurityAIDataAutomationAnalyticsGrcCyber RiskPolicyStandardsRisk ManagementRisk CommunicationComplianceRegulatory ReadinessMetricsReportingTrainingAwarenessAdoptionLeadershipCommunicationProblem-solvingTeamworkStrategic ThinkingDecision-makingCollaborationProject ManagementData AnalyticsCyber Insurance

About the role

Original posting from Resideo

The Director of Governance, Risk & Compliance (GRC) is responsible for building and operating an AI-enabled, modern cybersecurity GRC program that transforms governance from a compliance-focused function into a fast, intelligent, and risk-based engine for the business. Reporting directly to the CISO, this role serves as the architect of a scalable GRC capability that modernizes how cyber risk is identified, measured, prioritized, reported, and acted upon across the enterprise and product portfolio. The Director will leverage data, automation, analytics, and the responsible application of AI to create a single authoritative view of cyber risk, reduce operational friction, accelerate decision-making, and ensure governance operates at the speed and scale of the business. This role partners closely with Security, IT, Product Engineering, Legal, Privacy, Finance, Internal Audit, and executive leadership to embed risk-based governance into how the organization plans, builds, and operates.
This is a transformational role for a builder-someone who can challenge legacy GRC models, simplify complexity, and deliver board-ready insights that clearly articulate business impact, financial exposure, and strategic trade-offs. The Director will create a program that is defensible, measurable, portfolio-driven, and future-ready, enabling enterprise resilience, product innovation, regulatory confidence, and informed risk ownership.
Job Duties
Cybersecurity Governance & Operating Model
Define and maintain the enterprise cybersecurity governance framework, including decision rights, escalation paths, and exception handling.
Own the cybersecurity policy, standards, and exception lifecycle across enterprise and product environments.
Ensure clear ownership and accountability for security controls, compliance obligations, and accepted risks.
Serve as a senior advisor to the CISO and executive leadership on governance decisions and material risk trade-offs.
Enterprise, Product & Portfolio Risk Management
Own the cybersecurity risk management framework, including risk taxonomy, scoring methodology, appetite, and acceptance thresholds.
Maintain the enterprise risk register and an integrated portfolio view of cyber risk across enterprise, product, and third-party domains.
Provide leadership with an aggregate, decision-ready risk posture to support prioritization, investment planning, and risk acceptance.
Lead risk assessments for enterprise IT, cloud platforms, connected products, and critical suppliers.
Ensure risk acceptance decisions are well-documented, time-bound, reviewed, and auditable.
Executive & Board-Level Risk Communication
Lead preparation of cybersecurity risk materials for executive leadership, board committees, and full board briefings.
Translate technical and operational cyber risk into business impact, financial exposure, and strategic implications.
Support the CISO in board-level discussions related to cyber risk posture, trends, and material risk decisions.
Compliance & Regulatory Readiness (Enterprise & Product)
Lead enterprise and product cybersecurity compliance programs aligned to regulatory, statutory, and customer requirements.
Translate regulatory obligations into pragmatic, enforceable control expectations embedded into business and engineering workflows.
Partner with Product Security and Engineering to integrate security-by-design and compliance into product development lifecycles.
Monitor emerging regulations and contractual obligations and define readiness roadmaps that minimize disruption to delivery.
Audit, Certification & Assurance
Own security audit, customer assurance, and certification readiness across enterprise and product environments.
Establish an always-audit-ready operating model with defined control ownership, evidence standards, and testing cadence.
Oversee remediation of audit findings and control gaps using durable, sustainable solutions.
Provide executive visibility into audit status, findings, trends, and remediation progress.
Third-Party, Supply Chain & Cyber Insurance Support
Lead third-party and supply-chain cybersecurity risk governance, including vendor onboarding, assessments, and ongoing oversight.
Define risk-based tiering, minimum security requirements, and escalation thresholds for suppliers.
Partner with Finance, Legal, and Risk Management to support cyber insurance underwriting, renewals, and claims.
Provide risk data, metrics, and control evidence required to support cyber insurance placement and renewal activities.
Metrics, Reporting & Continuous Improvement
Define and maintain key risk indicators (KRIs), compliance metrics, and portfolio-level reporting.
Use automation, analytics, and AI-enabled capabilities to improve risk signal quality and reduce manual effort.
Continuously optimize GRC processes to improve efficiency, decision speed, and risk transparency.
Training, Awareness & Adoption
Partner with HR an

Source: Resideo careers