Director of IT Governance, Risk and Compliance

Director of IT Governance, Risk and Compliance Orion Federal Credit Union - 3.5 Memphis, TN Job Details 1 day ago Qualifications Regulatory inspections Certified Information Systems Auditor Stakeholder engagement Strategic management Internal controls Vulnerability assessment Bachelor's degree in information technology

COBIT ISO

standards Regulatory compliance

CISSP IT

auditing Compliance audits & assessments Data reporting

SOX CISM

Information security compliance Analysis skills Bachelor's degree IT security architecture System risk assessment (security system operation) NIST standards Industry knowledge of financial regulations Risk management Third-party risk management Vulnerability management IT Financial services Overseeing audit functions Senior level Bachelor's degree in cybersecurity Escalation handling Vendor risk management CRISC Senior leadership Stakeholder management Information Technology Full Job Description Job Description Posted Tuesday, April 21, 2026, 12:00 AM

POSITION PURPOSE

The Director of IT Governance, Risk and Compliance provides strategic leadership and oversight of the organization's IT risk posture, governance frameworks, and regulatory compliance within a financial services environment. This role reports to the CIO and ensures alignment between IT risk management practices and the institution's risk appetite, while enabling secure, compliant, and resilient technology operations. The director serves as a key liaison to regulators and internal audit, leads enterprise IT risk programs, and partners closely with information security, legal, compliance, and business units to proactively identify, assess, and mitigate risk across systems, vendors, and emerging technologies.

ESSENTIAL FUNCTIONS AND BASIC DUTIES 1.

Define And maintain the IT risk management framework, ensuring alignment with enterprise risk appetite and business strategy. 2. Develop and execute a multi year IT risk maturity road map, including governance, controls, and reporting enhancements. 3. Provide executive level and board reporting on IT risk posture, trends, and emerging threats. 4. Establish and oversee IT governance structures, policies, standards, and procedures. 5. Lead enterprise IT risk assessments, including infrastructure, applications, and security architecture reviews. 6. Identify vulnerabilities, evaluate risk exposure, and ensure timely mitigation of identified issues. 7. Oversee risk acceptance processes and provide escalation authority for material IT and security risks. 8. Review and challenge risk decisions, ensuring consistency with organizational risk tolerance. 9. Serve as primary point of contact for IT regulatory examinations and audits. 10. Manage IT exam life cycle, including preparation, coordination, and response. 11. Oversee tracking, reporting, and remediation of IT findings from regulators and internal/ external audits. 12. Maintain comprehensive documentation of audits, findings, and corrective actions. 13. Interpret and operationalize regulatory requirements related to IT systems, data protection, and information security to include SOX, data privacy laws, and financial regulations. 14. Develop and implement strategies to ensure ongoing compliance with applicable laws and standards. 15. Partner with legal and compliance teams to monitor regulatory changes and assess impact on IT controls. 16. Provide oversight of IT risk associated with third party vendors, including material risk vendor reviews and escalations. 17. Collaborate with vendor management teams to ensure adequate controls and risk mitigation strategies. 18. Assess risks associated with new technologies, products, and services, ensuring appropriate governance and control implementation. 19. Partner closely with information security to align on security controls, risk assessments, and remediation priorities. 20. Work with business and technology stakeholders to embed risk management practices into day-to-day operations. 21. Promote a strong risk-aware culture across the organization.

QUALIFICATIONS EDUCATION/CERTIFICATION

Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field. Advanced degree preferred. Relevant certifications preferred (e.g., CISM, CRISC, CISSP, CISA)

REQUIRED KNOWLEDGE

Strong understanding of SOX, data privacy regulations, and technology compliance requirements.

EXPERIENCE REQUIRED

Ten or more (10+) years of progressive experience in IT risk management, IT audit, information security, or governance within financial services or a highly regulated industry. Deep expertise in IT risk frameworks, such as

NIST, COBIT, ISO

27001, and regulatory environments. Proven experience managing regulatory exams and audit engagements.

SKILLS/ABILITIES

Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership. Demonstrated ability to lead complex risk programs and influence senior stakeholders, including executive leadership. Very strong analytical & problem-solving skills Successful candidates must pass pre-employment credit checks, background checks, and drug screens. Orion Financial is an equal opportunity at will employer and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation, national origin or any other federal or state protected class. We maintain a drug-free workplace and perform pre-employment substance abuse testing. If you are unable to complete this application due to a disability, contact us to ask for an accommodation or an alternative application process. Job Details Pay Type Salary Education Level Bachelor's Degree 400 Monroe Ave, Memphis, TN 38103, USA