Director of Governance, Risk, and Compliance (GRC)

Business Area : IT

Seniority Level : Director

Job Description :

At Cloudera, we empower people to transform complex data into clear and actionable insights. With as much data under management as the hyperscalers, we're the preferred data partner for the top companies in almost every industry. Powered by the relentless innovation of the open source community, Cloudera advances digital transformation for the world's largest enterprises.

We are seeking a highly dynamic and experienced Director of Governance, Risk, and Compliance (GRC) to lead and mature our GRC program. This role is perfect for a strategic leader with 8+ years of experience who excels at building robust programs, managing enterprise risk, and driving operational efficiency through technology.

The Director will define and direct the organization's comprehensive GRC strategy, with a combined focus on traditional program maturity and cutting-edge Compliance Engineering. This leader will secure our digital assets and information systems while reducing the manual burden of compliance through automation.

As a Director of Governance, Risk, and Compliance (GRC), you will :

Develop and direct a best-in-class, enterprise-wide GRC program, ensuring it directly supports the company's growth, customer commitments, and security posture.

Lead, mentor, and manage a team of 8 GRC Analysts, fostering a high-performance, growth-oriented culture centered on continuous improvement and skill development.

Direct the Compliance Engineering function to maximize efficiency through tooling, automation, and system integrations (e.g., GRC platforms, workflow engines, identity systems).

Identify and execute optimization opportunities to significantly reduce audit time, effort, and cost by leveraging technology to automate evidence collection and control monitoring.

Oversee and direct the organization's risk management strategy, proactively securing sensitive data and information systems against evolving threats.

Serve as the security subject matter expert for internal stakeholders, supporting customer inquiries, RFI / RFP responses, and contract reviews.

Collaborate strategically with IT, Product Security, Engineering and Legal / Privacy to embed controls early and ensure security is a competitive differentiator.

Define and manage all external and internal audit engagements, ensuring organizational readiness and successful, timely outcomes across all regulatory mandates.

Direct the TPRM program, overseeing vendor, supply chain, and fourth-party risk assessments and due diligence efforts.

Drive policy creation, expansion, and adoption, establishing clear, actionable standards and controls across the organization.

We are excited about you if you have :

8+ years of progressive experience in Information Security and Technology, with a dedicated focus on Governance, Risk, and Compliance in a high-growth or complex regulatory environment.

Proven, hands-on experience integrating GRC tooling (e.g., ServiceNow GRC) with underlying security systems (e.g., Jira, Identity Providers) to automate controls and reduce manual GRC effort.

Proven track record in building, leading, and maturing enterprise-level Security and Compliance programs.

Regulatory Expertise : Expert knowledge and successful audit completion across key frameworks, including :

Core : SOC 2, ISO 27001 / 27002, PCI DSS, FedRAMP

Preferred : GovRAMP, TX-Ramp, DISP, IRAP, TISAX, ENS, Cyber Essentials+

Exceptional communication, presentation, and stakeholder / customer management skills. Must be adept at translating complex security and compliance concepts into clear business risks and opportunities for executive leadership and external clients.

Strong business acumen with experience aligning security initiatives with tangible business requirements, demonstrating the ability to contribute to security-based revenue enablement.

CISSP, CISM or CISA certification

This role is not eligible for immigration sponsorship.

What you can expect from us :

Generous PTO Policy

Support work life balance with Unplugged Days

Flexible WFH Policy

Mental & Physical Wellness programs

Phone and Internet Reimbursement program

Access to Continued Career Development

Comprehensive Benefits and Competitive Packages

Paid Volunteer Time

Employee Resource Groups

EEO / VEVRAA

#LI-SZ1

#LI-Remote