Assistant Director of GRC
University of Texas at Arlington, Arlington, TX, United States
The Assistant Director, Governance, Risk & Compliance (GRC) provides operational leadership for the organization's information security program – including governance, risk management, assurance, compliance, and security awareness. Reporting to the CISO, this role is responsible for developing, implementing, and continually improving policies, standards, risk processes, and compliance activities that align with regulatory requirements, industry frameworks, and organizational risk appetite.
This role serves as a key advisor to executive leadership, business partners, and technology teams, translating regulatory and security requirements into practical, scalable, and measurable programs that protect the organization while enabling business objectives.
Essential Duties and Responsibilities
Lead the day-to-day functions of the Information Security department under the leadership of the CISO.
Lead and support managers and individual contributors under their purview.
Lead, mentor, and develop GRC team members and managers, fostering a high-performing and collaborative culture. Represent the Information Security Office in cross-functional initiatives and enterprise programs.
Act as delegated authority for the CISO as appropriate.
Assist the CISO in departmental office functions, e.g. budget and approvals, as needed.
Governance & Policy Management
Lead the development, maintenance, and lifecycle management of enterprise information security policies, standards, procedures, and supporting documentation.
Ensure alignment with recognized security frameworks.
Establish governance processes to ensure consistent policy adoption and exception management across the organization.
Enterprise Security Risk Management
Direct the information security risk management program, including risk identification, assessment, treatment, and monitoring.
Oversee third-party/vendor security risk assessments and third-party continuous monitoring.
Develop risk dashboards and executive-level reporting for the CISO, executive leadership, and governance committees.
Evaluate and improve control design, implementation, and effectiveness across the security program.
Security Awareness & Training
Accountable for the enterprise cybersecurity awareness and training program.
Define annual and role‑based training requirements.
Establish training metrics, reporting and performance standards.
Ensure audit‑ready maintenance of training records and evidence.
Program Management, Projects & Metrics
Establish and monitor GRC program KPIs and KRIs to measure effectiveness, maturity, and risk posture.
Drive continuous improvement through maturity assessments and benchmarking.
Ensure accurate and timely reporting to the CISO and senior leadership.
Oversee projects and initiatives for the Information Security Office.
Develop and maintain Information Security Office’s business processes.
Compliance & Cyber Security Oversight
Lead compliance efforts related to applicable laws, regulations, and contractual obligations.
Coordinate and manage independent security-related audits and assessments for compliance.
Provide oversight of core cybersecurity programs including, but not limited to, vulnerability management, incident response and threat management for effectiveness and compliance.
Perform risk-based, limited control validation to independently confirm that key cybersecurity controls operate as described.
Minimum Qualifications
Seven (7) years of progressive experience in information security, GRC, audit, risk, or compliance roles.
Two (2) years of management or people leadership experience.
CISSP or CISM required.
Extensive knowledge of and experience in information security and risk management.
Preferred Qualifications
Master’s degree in a related field.
Additional certifications such as CRISC, CISA, or ISO 27001 Lead Implementer/Auditor.
Experience supporting executive leadership or Board‑level risk reporting.
Experience in higher education. Experience in Texas State government.
Knowledge, Skills and Abilities
Must have excellent interpersonal, verbal, and written communication skills.
Successful experience working, collaborating, and establishing credibility and relationships with leadership, colleagues, and customers.
Ability to translate technical language to common language for non-technical users.
Workplace and Eligibility Conditions
Will work around standard office conditions. May occasionally be required to carry or move equipment and participate in awareness campaigns that require lifting and/or standing while manning booths.
Benefits
We are proud to offer a comprehensive benefits package to all our employees at the University.
https://www.uta.edu/hr/employee-benefits
To help you understand the full value of these benefits, we have created a tool that calculates the total worth of your compensation package. This tool takes into account all of the benefits that you are eligible for, including health insurance, retirement plans and paid time off. To access this tool and learn more about the total value of your benefits, please click on the following link:
https://resources.uta.edu/hr/services/records/compensation-tools.php
EEO Statement
It is the policy of The University of Texas at Arlington (UTA or The University) to provide an educational and working environment that provides equal opportunity to all members of the University community. In accordance with federal and state law, the University prohibits unlawful discrimination, including harassment, on the basis of race, color, national origin, religion, age, sex, sexual orientation, pregnancy, disability, genetic information, and/or veteran status. The University also prohibits discrimination on the basis of gender identity and gender expression. Retaliation against persons who oppose a discriminatory practice, file a charge of discrimination, or testify for, assist in, or participate in an investigative proceeding relating to discrimination is prohibited. Constitutionally-protected expression will not be considered discrimination or harassment under this policy. It is the responsibility of all departments, employees and students to ensure the University’s compliance with this policy.