Senior Director - Governance, Risk, & Compliance (GRC)
at Unisys
Job description
What success looks like in this role:

The Senior Director – GRC is a strategic leadership role responsible for:
- Creating the vision for the GRC program
- A clear understanding of the business and how the GRC function can be a business enabler
- Supporting the CISO

This role ensures alignment with regulatory requirements, industry standards, and business objectives while providing executive oversight across risk, audit, compliance, and assurance functions. The position partners closely with internal teams (CISO, BISOs, Corporate IT and cross-functional teams such as Privacy, Legal, HR, Procurement and Corporate Real Estate) and external parties (vendors and customers) to drive a risk-aware culture, strengthen control frameworks, and enable secure business growth.

Key Responsibilities

1. GRC Strategy & Governance
- Define and execute the enterprise GRC strategy aligned to cybersecurity and business objectives
- Establish governance frameworks, policies, standards, and operating models across GIS
- Provide executive reporting to the CISO, senior leadership, and Board-level committees on risk posture and compliance status
- Drive continuous improvement of GRC maturity leveraging frameworks such as NIST CSF and ISO 27001

2. Risk Management (Cyber & IT Risk)
- Own the cybersecurity area within the Enterprise Risk Management (ERM) program, including risk identification, assessment, mitigation, and reporting
- Maintain and govern the centralized risk register in the GRC tool and ensure timely updates across BUs through the BISOs and other corporate functions
- Define risk appetite, tolerance, and escalation mechanisms
- Facilitate risk-based decision-making processes, including policy exception and risk acceptance processes and criteria

3. Compliance & Regulatory Management
- Ensure compliance with global and regional regulatory requirements (e.g., SOX ITGC, NIS2, DORA, GDPR, CRA as applicable)
- Govern adherence to industry standards and certifications:
  - ISO 27001, ISO 22301, ISO 20000 and ISO 9000
  - Corporate SOC 1 Type II, client-specific SOC 2 Type II
  - NIST, PCI-DSS, Cyber Essentials Plus and other regional certifications
- Oversee internal controls design, testing, and remediation tracking
- Act as the primary escalation point for compliance risks and audit findings

4. Audit & Assurance
- Provide executive oversight for:
  - Internal audits (IA), external audits, and regulatory reviews
  - Audit planning, execution coordination, and closure of findings
- Govern audit partner relationships and ensure audit readiness across the organization
- Ensure effective remediation and closure of audit findings within defined timelines

5. Third-Party Risk Management (TPRM)
- Lead the enterprise TPRM program, including:
  - Risk assessments of suppliers and partners
  - Security clauses in supplier contracts
- Partner with the Procurement, Legal, and Privacy functions
- Ensure continuous monitoring of third-party risk posture through security rating tools

6. Policy, Standards & Control Framework
- Establish and maintain corporate information security policies, standards, and procedures
- Ensure alignment with control frameworks (ISO, NIST)
- Govern policy lifecycle management, including annual reviews, approvals, updates, and awareness
- Standardize documentation and ensure consistency across GIS artifacts

7. Security Awareness & Culture
- Provide executive sponsorship to Security Awareness & Training programs
- Ensure alignment of training with the risk landscape and organizational priorities
- Monitor effectiveness through metrics, reporting, and behavioral risk reduction

8. Business Continuity and Disaster Recovery
- Define, implement and test Business Continuity and Disaster Recovery plans across the defined scope of the enterprise
- Work closely with the Enterprise Resilience team to align Business Continuity Plans with Corporate Crisis Management plans

9. Business & Client Engagement
- Support client security assurance activities:
  - RFP/RFI responses
  - Security questionnaires
  - Contract and security exhibit reviews
- Act as executive point of contact for key customers on security governance matters

10. Metrics, Reporting & Governance
- Define KPIs/KRIs for all domains of GIS and report out through monthly automated dashboards
- Lead governance forums such as Risk Review Boards and Policy Exception Review Boards
- Drive data-driven decision making and transparency across stakeholders
- Prepare slides for the Board and the CISO

11. Team Leadership
- Lead a global GRC organization including the Risk, Compliance, Audit, TPRM, Policy and BCM/DR functions
- Provide leadership oversight to the GIS India associates as the ‘GIS India leader’, build high-performing teams and ensure capability maturity

You will be successful in this role if you have:

Experience & Qualifications
- 18–25+ years in IT / Information Security, with:
  - 12+ years in cybersecurity
  - 8+ years in GRC leadership roles
- Strong experience across:
  - Risk management, audit, compliance, and policy frameworks
  - Enterprise-scale GRC program leadership
- Prior experience interacting with:
  - Executive leadership (CISO, CIO, COO, Risk Committee)
  - Regulators and external auditors

Preferred Certifications
- CISA / CISM / CRISC / CISSP
- ISO 27001 Lead Implementer / Lead Auditor

Successful Candidate Will Have:
- A mature, scalable GRC operating model across geographies
- Strong audit outcomes with minimal findings and timely remediation
- A clearly articulated and quantified enterprise risk posture
- High stakeholder confidence (Risk Committee, clients, regulators)
- Measurable reduction in security and compliance risk

Reporting Structure
- Reports to: Chief Information Security Officer (CISO)
- Direct reports: Heads of Risk, Compliance, TPRM, Audit, Policy & BCM; Program Manager for Security Awareness

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender