Senior Director, Compliance

Collegeboard · Remote

📍 Remote - USA via Workday
Senior Director Compliance
College Board – IRGRC, Risk Management

Location: This is a remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office). All CB employees are required to occasionally travel to meet in person for business purposes.

Type: This is a full-time position

About the Team

The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. This dedicated team facilitates information security governance and compliance by assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2) and obtaining related compliance certifications, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative training and phishing campaigns.

About the Opportunity

As the Senior Director, Compliance, you will lead College Board’s external compliance program, contributing to the successful execution of SOC 2, ISO 27001, and PCI DSS audits in partnership with GRC leadership and internal stakeholders. You will work closely under the guidance of the GRC leadership, to coordinate with external auditors, and ensure controls are designed, implemented, documented, and operated effectively within College Board’s cloud-based systems.

Acting as a technical authority for compliance, you will translate framework requirements into practical, auditable technical controls and lead closely with engineering and infrastructure teams to embed compliance into system design and day-to-day operations. The role leads the ongoing development of the compliance program by helping define and mature the compliance strategy, standardize processes and evidence practices, and collaborate cross-functionally with technical and non-technical stakeholders to drive accountability, continuous audit readiness, and scalable compliance delivery.

In this role, you will:

Compliance & Audit Execution (40%)

Lead the execution of external compliance audits (SOC 2, ISO 27001, PCI DSS), by assisting with audit planning, scope definition, evidence strategy, walkthrough coordination, issue resolution, and successful delivery of audit results in partnership with GRC leadership.

Act as a key liaison to external auditors, leading audit communications, responding to information requests, participating in audit discussions, and providing technical context and judgement on findings, clarifications, and interpretation of requirements.

Partner closely with internal stakeholders and control owners across business areas, engineering, legal, and operations to align on audit scope, control responsibilities, evidence requirements, and remediation plans throughout the audit lifecycle.

Lead control readiness and continuous audit preparedness by working with control owners to help ensure controls are designed, implemented, documented, and operating effectively throughout the audit period.

Compliance Strategy & Program Maturity (20%)

Lead the development and execution of College Board’s compliance strategy and roadmap, focused on SOC 2, ISO 27001, PCI DSS, and related frameworks, ensuring alignment with business objectives and cloud-native operating models in collaboration with GRC leadership.

Contribute to the maturation and scalability of the compliance program by helping standardize control design, documentation, evidence collection, and operating procedures to improve audit efficiency, consistency, and repeatability year over year.

Lead the establishment and ongoing operation of the compliance governance processes, including control ownership, compliance monitoring, issue tracking, and exception management, to help maintain sustained audit readiness and control effectiveness.

Promote a culture of continuous compliance readiness, working with stakeholders to embed compliance requirements into day-to-day operations and technical workflows rather than treating audits as point-in-time events.

Identify opportunities to mature the compliance program through automation, continuous monitoring, improved evidence practices, and more scalable audit readiness processes.

Technical Security & Compliance Lead (20%)

Provide technical lead on compliance-driven control design and implementation, ensuring SOC 2, ISO 27001, and PCI DSS requirements are translated into effective, auditable controls within cloud-native environments.

Provide guidance and expertise during compliance assessments and audits, leading control walkthroughs, validating control operation, and confidently explaining system architectures and security mechanisms to auditors.

Participate in the review of technical implementations from a compliance perspective, identifying gaps, weaknesses, or audit risks early and recommending pragmatic, scalable remediation approaches.

Collaboration & Delivery (20%)

Build strong working relationships and trust with stakeholders at all levels, leading productive collaboration, timely decision-making, and effective resolution of compliance-related issues.

Partner with cross-functional teams including business areas, engineering, legal, and operations to help ensure compliance requirements are understood, owned, and executed consistently across the organization.

Lead the coordination of cross-functional delivery of compl
