
Technical / Engineering

Oct 13, 2025

Director / Senior Director - Cyber Security Risk & Compliance

Full-time

Up to 185 - 195k USD + 20% bonus

Flexible

About Our Client

Our client is a global industry leader in the BPO and customer-experience sector, with major delivery centers across the USA, Mexico, and the Philippines. Serving numerous Fortune 500 and enterprise customers, they consistently outperform competitors on service quality, operational delivery, and client satisfaction.

With 13,000+ employees, 24×7 operations, and a collaborative executive team, the company continues to expand rapidly. Its culture balances client excellence with employee engagement, empowering leaders and teams to perform at their best while fostering innovation and accountability.

The Opportunity

The Director / Senior Director, Risk & Compliance acts as the right hand to the Chief Information Security Officer, leading the global Governance, Risk & Compliance (GRC), Client Assurance, and Internal Audit operations that underpin enterprise trust and regulatory readiness.

You will translate policy into practice, ensuring that security, audit, and risk programs deliver measurable results—strong audit outcomes, lower residual risk, faster client assurance cycles, and quantifiable improvement in enterprise compliance posture.

This role blends board-level visibility with operational execution, ideal for a security, risk, or audit leader who thrives on measurable progress and cross-functional impact.

The Ideal Profile

You combine audit discipline, security expertise, and executive polish. You’re hands-on enough to understand control mechanics, but strategic enough to connect them to business value. You thrive on delivering outcomes—fewer findings, faster audits, cleaner dashboards—and enjoy shaping a global culture of trust and accountability.

Working Model & Eligibility

  • Ideally Hybrid (~3 days/week) with occasional travel to other US, Mexico, or Philippines sites.

  • US work authorization required. No visa sponsorship available.

What You’ll Lead

Governance, Risk & Compliance (GRC)

  • Own the GRC framework aligned to NIST, ISO 27001, and COSO/ISO 31000.

  • Maintain enterprise-wide policies, control libraries, and testing programs with clear metrics on control coverage and maturity.

  • Lead risk identification, assessment, and treatment, maintaining a live risk register with KRIs/KPIs reviewed quarterly.

  • Drive measurable risk-reduction initiatives—e.g., closing >90% of key audit findings on time and reducing open control exceptions quarter-over-quarter.

Client Assurance & Audit Readiness

  • Lead all client security and compliance assessments, ensuring rapid, accurate responses and audit turnaround times that exceed customer expectations.

  • Coordinate external audits (SOC 2, PCI, HIPAA, PH DPA, Mexico LFPDPPP) and manage remediation through closure with zero repeat findings.

  • Streamline assurance documentation and automate evidence collection to improve cycle time by at least 25% year-over-year.

Internal Audit Partnership

  • Manage day-to-day operations of the Internal Audit plan, partnering with Audit leaders to scope and deliver reviews across IT, Operations, HR, and Finance.

  • Track closure of findings, provide quarterly metrics to the Audit Committee, and champion continuous-improvement actions.

Enterprise Risk Enablement

  • Facilitate risk workshops with business leaders; integrate insights into strategic planning and program delivery.

  • Support BCP/DR exercises and tabletop scenarios (cyber, privacy, fraud) ensuring lessons learned translate into measurable resilience gains.

Leadership & Culture

  • Build and mentor a multi-country GRC team across the US, Philippines, and Mexico.

  • Promote a proactive, data-driven risk culture—evidenced by rising awareness scores, faster remediation timelines, and cleaner audit results.

  • Represent the organization with clients, auditors, and regulators as a credible, trusted voice on security, audit, and compliance.

What You’ll Bring

  • 10+ years in information security, audit, or risk; 5+ years in management within a multi-site or global enterprise.

  • Demonstrated success building or maturing GRC or audit programs that improved compliance metrics and reduced risk exposure.

  • Hands-on familiarity with SOC 2, ISO 27001, PCI, HIPAA, and regional privacy laws (PH DPA, Mexico LFPDPPP).

  • Strong understanding of enterprise controls, vendor risk, and cloud security frameworks.

  • Exceptional communication—able to brief executives and clients in clear, outcome-focused terms.

  • Bachelor’s degree in Information Systems, Accounting, or related discipline; Master’s preferred.

  • Certifications such as CISSP, CISA, CISM, CRISC, or CIA highly regarded.

How Success Will Be Measured

  • Audit Performance: 100% of audits delivered per plan; ≥90% of findings closed on schedule; zero repeat findings.

  • Client Assurance: Reduction in assessment turnaround time and client escalations; improved external audit ratings.

  • Risk Maturity: Quarterly reporting of top enterprise risks with defined mitigation owners and progress tracking.

  • Culture: Improved awareness scores and engagement across Security, Audit, and Risk teams.


Copyright © 2023 Haydon Global Recruitment. All rights reserved.