Director Cyber Governance Risk & Compliance Cybersecurity Department Summary The Director Cyber Governance Risk & Compliance serves as a senior leader within the cybersecurity function operating at the intersection of cybersecurity client trust regulatory compliance and business strategy. The role requires both strategic advisory and hands-on delivery is critical in effectively managing cyber risk for the firm maintaining trust and assurance with clients and ensuring the firms control environment addresses emerging threats. Apply Qualifications Minimum of 15 years experience in cybersecurity with 10 years experience running governance risk and compliance GRC or equivalent functions. Demonstrated track record of planning and executing successful information security strategies programs and processes in a highly sophisticated global environment. Proven ability to balance hands-on delivery with strategic advisory moving seamlessly between execution stakeholder guidance and senior-level decision support. Exceptional interpersonal skills with the ability to lead and influence stakeholders to foster broad commitment. Demonstrates good written and oral communications skills and communicates effectively. Duties and Responsibilities Information Security Governance Strengthen and optimize the Cybersecurity governance framework and related documentation to ensure continuous alignment with industry-leading practices regulatory requirements and corporate insurability standards such as NIST CSF ISO 27001 EUUK GDPR HIPAA and CMMC. Maintain the firms Governance Risk and Compliance GRC framework and controls baseline compliance defining adherence to industry frameworks and regulations. Coordinate with the Chief Compliance Officer and Data Protection Officer DPO to review and track client security obligations including those specified in outside counsel guidelines. Oversee the firms cyber policies including annual review cycles control alignment and executive approval workflows Client Assurance Lead and support client cybersecurity assessments due diligence questionnaires and evidence walkthroughs that directly impact client onboarding and retention. Translate technical controls into client-ready responses and regularly present to clients. Review and advise on cybersecurity provisions in client agreements outside counsel guidelines and DPAs ensuring commitments are operationally achievable and defensible. Cyber Risk Management Oversee the enterprise cyber risk management program including risk intake risk register governance mitigation tracking and stakeholder coordination. Prepare and deliver executive-level reporting and materials for senior leadership including Security Risk Committee updates risk narratives and investment recommendations. Experience working with and implementing NIST and ISO 27001 standards. Working knowledge of regulatory data governance obligations such as EUUK GDPR HIPAAHITECH ITAREAR and CMMC a plus. Bachelors degree required advanced degree and CISSP CISM CRISC CISA or equivalent certification preferred. Expert working knowledge of security principles risk assessment risk management control frameworks and third-party risk management. Position requires access to equipment software or technology that is subject to U.S. export controls. To be granted access pursuant to US Export Control laws candidate must be either a a United States citizen or national b a person lawfully admitted for permanent residence of the United States i.e. Green Card" holder or c an INS-approved refugee or asylum holder who has applied for naturalization within six months of the date the individual first became eligible and if not yet naturalized is still actively pursuing naturalization if 2 years have passed since the date of application to be granted access pursuant to US Export Control laws. Candidates will be required to submit appropriate documentation to determine whether access can be granted before proceeding further through the application process. Develop data -driven dashboards communicating the Firms current cyber risk posture utilizing Key Risk Indicators KRIs Key Performance Indicators KPIs and cyber trends to offer actionable insights. Conduct targeted risk assessments on critical systems proactively identifying risks and hardening opportunities and working with key stakeholders to develop appropriate. Evaluate emerging technology and AI-enabled tools to ensure alignment with firm risk appetite and client obligations. Cyber Compliance Collaborate closely with IT and Compliance Teams to validate the effectiveness of security practices ensuring alignment with relevant standards and thorough documentation in policies and procedures. Ensure the effectiveness of Security Training and Awareness processes educating employees regularly and effectively about their security responsibilities and periodically testing employees resilience and knowledge through anti-phishing tests and other exercises. Oversee ISO 27001 and CMMC compliance activities including audit readiness evidence management internal audits and management review processes. Third Party Risk Management TPRM Engage with the Procurement department and other internal stakeholders to evaluate and manage Cybersecurity risks related to third- party vendors and service providers ensuring proper implementation of contractual obligations and security controls. Manage the Third-Party Risk Management TPRM function involving vendor triaging risk assessment security clause implementation monitoring and additional diligence when necessary. Perform other duties as assigned by Firm management. Uphold high standards of confidentiality discretion and integrity particularly with respect to all sensitive andor confidential firm and client information to which this position will have access. Status Exempt Workplace Type Remote position may require travel to DC or NY office Salary range is 230000 - 370000 depending on candidate location and experience. Candidates hired for staff positions with a minimum work schedule of 30 hours per week are eligible for a comprehensive benefits package including healthcare insurance. Learn more about benefits at Covington. httpswww.cov.comencareersstaffbenefits View Covington job applicant privacy notice here httpswww.cov.comenjob -applicant -privacy -notice Covington & Burling LLP is an equal opportunity employer and does not discriminate in any aspect of employment including hir ing salary promotion discipline termination and benefits on the basis of race color ethnicity religion national origin g ender gender identity or expression age marital status sexual orientation family responsibility disability including physical handicap or any other improper criterion. Covington will consider qualified applicants with arrest or conviction records for employment in accordance with applicable l aws including the California Fair Chance Act the Los Angeles Fair Chance Initiative for Hiring Fair Chance Ordinance the Los Ang eles County Fair Chance Ordinance and the San Francisco Fair Chance Ordinance.