Senior Director, Compliance
Senior Director Compliance
College Board – IRGRC , Risk Management
Location: This is a remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office). All CB employees are required to occasionally travel to meet in person for business purposes.
Type: This is a full-time position
About the Team
The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. This dedicated team facilitates information security governance and compliance by assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2) and obtaining related compliance certifications, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative training and phishing campaigns.
About the Opportunity
As the Senior Director, Compliance, you will lead College Board’s external compliance program, contributing to the successful execution of SOC 2, ISO 27001, and PCI DSS audits in partnership with GRC leadership and internal stakeholders. You will work closely under the guidance of the GRC leadership, to coordinate with external auditors, and ensure controls are designed, implemented, documented, and operated effectively within College Board’s cloud-based systems. Acting as a technical authority for compliance, you will translate framework requirements into practical, auditable technical controls and lead closely with engineering and infrastructure teams to embed compliance into system design and day‑to‑day operations. The role leads the ongoing development of the compliance program by helping define and mature the compliance strategy, standardize processes and evidence practices, and collaborate cross‑functionally with technical and non‑technical stakeholders to drive accountability, continuous audit readiness, and scalable compliance delivery.
In this role, you will:
Compliance & Audit Execution (40%)
Lead the execution of external compliance audits (SOC 2, ISO 27001, PCI DSS), by assisting with audit planning, scope definition, evidence strategy, walkthrough coordination, issue resolution, and successful delivery of audit results in partnership with GRC leadership
Act as a key liaison to external auditors, leading audit communications, responding to information requests, participating in audit discussions, and providing technical context and judgement on findings, clarifications, and interpretation of requirements.
Partner closely with internal stakeholders and control owners across business areas, engineering, legal, and operations to align on audit scope, control responsibilities, evidence requirements, and remediation plans throughout the audit lifecycle.
Lead control readiness and continuous audit preparedness by working with control owners to help ensure controls are designed, implemented, documented, and operating effectively throughout the audit period.
Compliance Strategy & Program Maturity (20%)
Lead the development and execution of College Board’s compliance strategy and roadmap, focused on SOC 2, ISO 27001, PCI DSS, and related frameworks, ensuring alignment with business objectives and cloud‑native operating models in collaboration with GRC leadership.
Contribute to the maturation and scalability of the compliance program by helping standardize control design, documentation, evidence collection, and operating procedures to improve audit efficiency, consistency, and repeatability year over year.
Lead the establishment and ongoing operation of the compliance governance processes, including control ownership, compliance monitoring, issue tracking, and exception management, to help maintain sustained audit readiness and control effectiveness.
Promote a culture of continuous compliance readiness, working with stakeholders to embed compliance requirements into day‑to‑day operations and technical workflows rather than treating audits as point‑in‑time events.
Identify opportunities to mature the compliance program through automation, continuous monitoring, improved evidence practices, and more scalable audit readiness processes.
Technical Security & Compliance Lead (20%)
Provide technical lead on compliance‑driven control design and implementation, ensuring SOC 2, ISO 27001, and PCI DSS requirements are translated into effective, auditable controls within cloud‑native environments.
Provide guidance and expertise during compliance assessments and audits, leading control walkthroughs, validating control operation, and confidently explaining system architectures and security mechanisms to auditors.
Participate in the review of technical implementations from a compliance perspective, identifying gaps, weaknesses, or audit risks early and recommending pragmatic, scalable remediation approaches.
Collaboration & Delivery (20%)
Build strong working relationships and trust with stakeholders at all levels, leading productive collaboration, timely decision‑making, and effective resolution of compliance‑related issues.
Partner with cross‑functional teams including business areas, engineering, legal, and operations to help ensure compliance requirements are understood, owned, and executed consistently across the organization.
Lead the coordination of cross‑functional delivery of compliance initiatives, helping align timelines, dependencies, and responsibilities to lead audit readiness, remediation efforts, and ongoing control effectiveness.
Communicate compliance expectations, progress, and risks clearly, ensuring stakeholders remain informed, accountable, and aligned throughout audit cycles and compliance activities.
Build trust with internal stakeholders by positioning compliance as a partnership that represents and leads control owners, rather than a policing or “auditor” function.
About You
8-10+ years of progressive experience in networking, information security, and security auditing, with increasing responsibility across technical implementation, control design, risk assessment, and audit leadership.
Background in IT, IT security, security auditing, or IT audit, with the ability to connect technical control design to external audit requirements with proven ability to lead end to end SOC 2, ISO 27001, PCI DSS, or similar audits, with deep practical expertise in control interpretation, cross framework mapping, evidence strategy, audit walkthroughs, and direct engagement with external auditors in cloud-based environments.
Deep, practical knowledge of ISO 27001, SOC 2 (Trust Services Criteria), and PCI DSS, with the ability to translate controls into clear, actionable technical requirements that engineering and operations teams can implement effectively and sustainably.
Strong ability to evaluate and assess cloud native architectures against security best practices, primarily in AWS. A working knowledge of comparable services and controls in Azure and/or Google Cloud Platform preferred.
Solid background in security engineering and networking, with hands on understanding of identity and access management, network segmentation, encryption, logging, monitoring, and secure system design in modern cloud environments.
Prior experience implementing, operating, or leading continuous compliance monitoring capabilities (e.g., automated control monitoring, evidence collection, or compliance tooling) is preferred.
Strong preference for experience leading individuals, project teams, or cross-functional workstreams to measurable outcomes with the ability to work effectively across technical and non-technical teams (business areas, engineering, legal, procurement, operations), building trust and alignment while driving agreement on control ownership, remediation approaches, and audit outcomes.
Exceptional written and verbal communication skills, with the ability to explain complex security risks, audit findings, and control gaps to both technical audiences and senior leadership in a clear, concise manner.
Strong planning, prioritization, and execution skills, capable of managing multiple concurrent audit timelines, remediation efforts, and control dependencies in fast-paced, evolving environments.
Ability to communicate the value of compliance work in clear business terms, helping stakeholders understand how audit readiness, effective controls, and timely remediation reduce risk, protect trust, and lead College Board’s mission.
Exceptional candidates can effectively speak to:
Security certifications (e.g., CISSP, CRISC, CISM, CISA) preferred.
Bachelor’s degree required.
All roles at College Board require:
A passion for expanding educational and career opportunities and mission-driven work grounded in our Operating Principles and Manager Expectations.
Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and comfort with learning and applying new digital tools independently and proactively.
Clear and concise communication skills, written and verbal
A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input.
A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking.
A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success
The ability to travel 3-4 times a year to College Board offices or on behalf of College Board business.
Authorization to work in the United States
About Our Process
Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days.
While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.
What We Offer
At College Board, we offer more than a paycheck- we provide a meaningful career, a leadive team, and a comprehensive package designed to help you thrive. We’re a self-sustaining nonprofit that believes in fair and competitive compensation grounded in your qualifications, experience, impact, and the market.
A Thoughtful Approach to Compensation
The hiring range for this role is $120,000 –$175,000.
Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board.
We aim to make our best offer upfront, rooted in fairness, transparency, and market data.
We adjust salaries by location to ensure fairness, no matter where you live.
You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process. Check out our careers page for more.
#LI- Remote
#LI- MD1