Information Security & Data Governance Lead (US)
Hybrid · Spring, Texas, United States
Job Summary
Lead the Information Security and Data Governance program across multiple jurisdictions. Responsibilities include developing, implementing, and maintaining information and cyber security policies aligned with ISO 27001, NIST CSF, and CIS Controls; conducting risk assessments across IT, cloud, and OT environments; supporting incident response planning; embedding secure-by-design principles; establishing and enforcing an enterprise data governance framework with data classification, retention, and protection standards; ensuring GDPR, UK DP Act, and US privacy-law compliance; promoting data ownership and lifecycle management; leading internal and external audit activities; managing third-party/vendor risk; designing enterprise cybersecurity awareness programs and phishing simulations; and providing governance, risk, and compliance advice to leadership. Desirable certifications include CISSP, CISM, CRISC, CISA, and CDMP; experience with GRC tools like ServiceNow GRC, RSA Archer, and MetricStream is also desirable. The role operates across multiple jurisdictions as a senior individual contributor with no direct reports and requires autonomy and proactive continuous improvement in response to the regulatory and threat landscapes.
Required Qualifications
- Significant experience in information security, cybersecurity GRC, or IT governance roles
- Proven experience implementing data governance frameworks
- Strong understanding of international data protection and cybersecurity regulations
- Experience working within regulated environments
- Familiarity with ISO 27001, NIST, or equivalent frameworks
- Experience supporting audit and compliance processes