Back to jobs
New

Director, Security Governance Risk & Compliance

London, England, United Kingdom

Who we are:

For over 25 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world’s most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations.

Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It’s a place where you can genuinely make an impact – and be recognized for it.

We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers.

Your Role

As Director, Governance Risk & Compliance, you are responsible for defining and leading Global Relay’s Governance, Risk & Compliance function. Reporting to the Chief Information Security Officer, you establish the frameworks, governance structures and operating model that enable consistent security decision-making, transparent risk management and trusted assurance across the organization.

You provide strategic leadership for security governance, risk management, assurance, cybersecurity compliance, third-party risk management and security awareness programs. Working closely with executive leadership, business stakeholders and technology teams, you translate complex security and technology risks into business context, influence strategic priorities and ensure the organization maintains a strong and resilient security posture while meeting regulatory, contractual and organizational requirements. You ensure emerging technologies, including AI, are governed in a manner that aligns with organizational objectives, risk appetite and regulatory obligations.

Your Job

  • Define and maintain the enterprise security governance framework, including policies, standards, control frameworks and governance processes.
  • Establish and evolve the security risk management methodology, ensuring risks are consistently identified, assessed, managed and reported.
  • Lead security governance forums and risk committees, ensuring effective oversight, escalation                   and decision-making.
  • Define and communicate the organization's security risk posture, emerging risks and strategic priorities to executive leadership.
  • Establish and oversee the enterprise security assurance strategy, including control testing, continuous assurance and remediation validation activities.
  • Oversee security audits, certifications and external assessments, including ISO 27001, SOC 2, FedRAMP, ISO 42001 and other applicable frameworks.
  • Establish and oversee governance processes for emerging technologies, including AI, ensuring associated risks, regulatory requirements and control expectations are appropriately integrated into governance, risk management, assurance and compliance activities.
  • Provide strategic oversight of third-party security risk management activities.
  • Establish and oversee the enterprise security awareness and training program.
  • Define security metrics, key risk indicators and reporting requirements to measure program effectiveness and support risk-informed decision-making.
  • Partner with Legal, Privacy, Product, Engineering and Operations leaders to integrate security governance and risk management practices across the organization.
  • Lead, develop and mentor Governance, Risk & Compliance leaders and analysts.
  • Drive continuous improvement and maturity across governance, risk, assurance and security compliance capabilities.
  • Act as a trusted advisor to executive leadership on governance, risk, compliance and emerging technology governance matters.

About You

  • 10-15+ years of experience in cybersecurity, governance, risk management, audit, compliance or related disciplines.
  • 5+ years of leadership experience managing teams and security programs.
  • Strong understanding of governance, risk management, assurance and compliance principles.
  • Experience leading audits, certifications and regulatory assessments.
  • Deep knowledge of frameworks such as ISO 27001, SOC 2, NIST, FedRAMP and CIS Controls.
  • Knowledge of emerging technology governance concepts, evolving regulatory requirements and industry frameworks, including ISO/IEC 42001.
  • Experience presenting complex security and technology risks to executive leadership.
  • Strong business acumen and the ability to balance risk, operational and business objectives.
  • Demonstrated ability to influence organizational decisions and drive change.
  • Excellent leadership, coaching and stakeholder management skills.
  • Certifications such as CISSP, CISM, CRISC, CISA or equivalent are preferred.

 

What you can expect:

At Global Relay, there’s no ceiling to what you can achieve. It’s the land of opportunity for the energetic, the intelligent, the driven. You’ll receive the mentoring, coaching, and support you need to reach your career goals. You’ll be part of a culture that breeds creativity and rewards perseverance and hard work. And you’ll be working alongside smart, talented individuals from diverse backgrounds, with complementary knowledge and skills.

Global Relay is an equal-opportunity employer committed to diversity, equity, and inclusion.

We seek to ensure reasonable adjustments, accommodations, and personal time are tailored to meet the unique needs of every individual.

To learn more about our business, culture, and community involvement, visit www.globalrelay.com.

Create a Job Alert

Interested in building your career at Global Relay? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Phone
Resume/CV

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Select...
Select...
Select...
Select...
Select...
Select...
Upon submission of your application, the personal data contained in your application will be collected by Global Relay Communications Inc. (“Global Relay” or “Controller”), whose headquarters are located at 220 Cambie Street, 2nd Floor, Vancouver, BC, Canada, V6B 2M9. Global Relay can be contacted at (604) 484-6630. Global Relay’s data protection officer is Laurence Lafond, who can be contacted at privacy@globalrelay.net.
Your personal data will be processed for the purposes of managing Global Relay’s recruitment related activities. This includes organizing and conducting interviews, assessing your suitability for the role, organizing and conducting tests (as applicable) and evaluating the results of such tests, and other processing activities that Global Relay deems necessary in the recruitment and hiring process. This processing is permitted under Article 6(1)(f) of Regulation (EU) 2016/679 (GDPR) and Article 6(1)(f) of UK General Data Protection Regulation for the purpose of Global Relay’s legitimate interests, which include growing the business and recruiting and hiring personnel best suited for roles at Global Relay. Further information on our legitimate interests may be available upon request. If you are applying for a role in the UK and Global Relay processes personal data relating to criminal offences or convictions under Article 10 of GDPR and UK GDPR, Global Relay will do so on the condition of “consent” as permitted under Section 29 of Schedule 1 of the Data Protection Act, 2018 (c.12). Global Relay may utilize automated decision and profiling tools, such as Predictive Index, to assist in determining whether a candidate is suitable for a particular role. Failure by an applicant to provide personal data required by Global Relay for the recruitment and hiring process may result in the applicant being removed from consideration for the role.
Global Relay is headquartered in Canada. Accordingly, upon submission, your personal data will be transferred to Canada, which is considered by the European Commission to provide adequate protection for the collection of personal data from EU data subjects. Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf, and may be shared with other third party service providers to the extent necessary for the assessment of candidates, to conduct tests for applicants or perform other due diligence necessary in the recruitment process (including, for example, credit checks or criminal offence checks). Where personal data is transferred to counties that are not considered to provide adequate protection by the European Commission (e.g. the United States), the transfer of your personal data to third parties in those countries will be transferred under additional safeguards permitted under GDPR, such as Standard Contractual Clauses.
If you are rejected from a role your personal data will be retained by Global Relay, by default, for 365 days from the completion of your submission for a particular role. Under the GDPR, you have the right to data portability, to request access to your personal data, to request that your personal data be rectified or erased, to request that processing of your personal data be restricted, and the right to object to processing. You also have the right lodge a complaint with an EU supervisory authority. To the extent that you have questions or concerns about your personal data, please reach out to privacy@globalrelay.net.

UK Diversity & Equality Survey

STRICTLY CONFIDENTIAL

Global Relay is committed to promoting equality, diversity and inclusion. To help ensure our processes are fair and accessible to everyone, we ask applicant to complete this voluntary monitoring form.

Global Relay’s policy is to ensure that no job applicant or employee receives less favourable treatment or is discriminated against under the Equality Act 2010. The protected characteristics under this act are (in no particular order): age, disability, gender reassignment, marriage and civil partnership, pregnancy or maternity, race, religion or belief, sex and sexual orientation.

Completing this form is voluntary. The information provided will be kept confidential. The information is going to be used to help us understand the diversity of our organisation.

None of the information you provide will be linked to your application.

Protecting your Data

Any information provided will be used only to help us monitor equality and diversity. It will be treated confidentially and reported in an anonymous, statistical format.

For more information about how we handle personal data and your rights, please refer to our Privacy Statement available on our website. 

Select...
Select...
Select...
Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Global Relay’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.