Senior Lead - IT Governance, Risk and Compliance
Published: 6 February 2025
Workload: 100%
Location: Zurich
In short
Join On’s Information Security team and play a pivotal role in shaping and executing our risk and compliance strategies. You’ll develop robust governance processes aligned with key frameworks and regulatory requirements such as NIST, ISO 27001 and SEC rules, while monitoring performance and risk indicators to ensure our innovation-driven culture thrives safely. You'll also spearhead initiatives to protect critical data assets using advanced security tools and lead regular vendor risk assessments to strengthen our supply chain security.

You'll be the architect of a security-first culture by designing engaging training programs and promoting cross-functional collaboration across the organization. Your responsibilities will extend to enhancing our operational resilience by developing and testing Cyber Incident Plans and Playbooks, ensuring quick recovery from disruptions. You'll also work closely with internal and external stakeholders to support compliance and audit processes, continuously improving our security posture and ensuring we remain agile in a fast-paced environment.
Your Mission
- Establish and maintain governance processes that align with relevant frameworks and regulatory requirements (e.g., NIST, ISO 27001, SEC) while supporting On’s innovation-driven culture.
- Define and track key performance and risk indicators (KPIs and KRIs) to measure the success of risk mitigation strategies.
- Prioritize the protection of critical data assets across all technological layers, using cutting-edge security tools and methodologies.
- Align supply chain risk processes with industry standards and conduct regular vendor risk assessments to mitigate risks stemming from third-party relationships.
- Design and deliver tailored security education programs that empower employees at all levels to understand and mitigate risks. Foster collaboration between cross-functional teams to promote a proactive, resilience-focused mindset across the organization.
- Lead the development and maintenance of the Cyber Incident Plan and Playbooks, and conduct tabletop exercises to ensure organizational resilience in the face of disruptions.
- Collaborate with external auditors, regulatory bodies, and internal stakeholders to facilitate seamless compliance with regulatory requirements and internal controls. Prepare for and support audits, ensuring findings are addressed and improvements are implemented effectively.