
Senior Director, Compliance

We believe the road to college should come with directions.

College Board

Employee count: 1001-5000

Salary: 120k-175k USD

United States only


Senior Director Compliance

College Board – IRGRC, Risk Management

Location: This is a remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office). All CB employees are required to occasionally travel to meet in person for business purposes.

Type: This is a full-time position

About the Team

The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. This dedicated team facilitates information security governance and compliance by assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2) and obtaining related compliance certifications, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative training and phishing campaigns.

About the Opportunity

As the Senior Director, Compliance, you will lead College Board’s external compliance program, contributing to the successful execution of SOC 2, ISO 27001, and PCI DSS audits in partnership with GRC leadership and internal stakeholders. You will work closely under the guidance of the GRC leadership, to coordinate with external auditors, and ensure controls are designed, implemented, documented, and operated effectively within College Board’s cloud-based systems. Acting as a technical authority for compliance, you will translate framework requirements into practical, auditable technical controls and lead closely with engineering and infrastructure teams to embed compliance into system design and day‑to‑day operations. The role leads the ongoing development of the compliance program by helping define and mature the compliance strategy, standardize processes and evidence practices, and collaborate cross‑functionally with technical and non‑technical stakeholders to drive accountability, continuous audit readiness, and scalable compliance delivery.

In this role, you will:

Compliance & Audit Execution (40%)

  • Lead the execution of external compliance audits (SOC 2, ISO 27001, PCI DSS), by assisting with audit planning, scope definition, evidence strategy, walkthrough coordination, issue resolution, and successful delivery of audit results in partnership with GRC leadership.

  • Act as a key liaison to external auditors, leading audit communications, responding to information requests, participating in audit discussions, and providing technical context and judgement on findings, clarifications, and interpretation of requirements.

  • Partner closely with internal stakeholders and control owners across business areas, engineering, legal, and operations to align on audit scope, control responsibilities, evidence requirements, and remediation plans throughout the audit lifecycle.

  • Lead control readiness and continuous audit preparedness by working with control owners to help ensure controls are designed, implemented, documented, and operating effectively throughout the audit period.

Compliance Strategy & Program Maturity (20%)

  • Lead the development and execution of College Board’s compliance strategy and roadmap, focused on SOC 2, ISO 27001, PCI DSS, and related frameworks, ensuring alignment with business objectives and cloud‑native operating models in collaboration with GRC leadership.

  • Contribute to the maturation and scalability of the compliance program by helping standardize control design, documentation, evidence collection, and operating procedures to improve audit efficiency, consistency, and repeatability year over year.

  • Lead the establishment and ongoing operation of the compliance governance processes, including control ownership, compliance monitoring, issue tracking, and exception management, to help maintain sustained audit readiness and control effectiveness.

  • Promote a culture of continuous compliance readiness, working with stakeholders to embed compliance requirements into day‑to‑day operations and technical workflows rather than treating audits as point‑in‑time events.

  • Identify opportunities to mature the compliance program through automation, continuous monitoring, improved evidence practices, and more scalable audit readiness processes.

Technical Security & Compliance Lead (20%)

  • Provide technical lead on compliance‑driven control design and implementation, ensuring SOC 2, ISO 27001, and PCI DSS requirements are translated into effective, auditable controls within cloud‑native environments.

  • Provide guidance and expertise during compliance assessments and audits, leading control walkthroughs, validating control operation, and confidently explaining system architectures and security mechanisms to auditors.

  • Participate in the review of technical implementations from a compliance perspective, identifying gaps, weaknesses, or audit risks early and recommending pragmatic, scalable remediation approaches.

Collaboration & Delivery (20%)

  • Build strong working relationships and trust with stakeholders at all levels, leading productive collaboration, timely decision‑making, and effective resolution of compliance‑related issues.

  • Partner with cross‑functional teams including business areas, engineering, legal, and operations to help ensure compliance requirements are understood, owned, and executed consistently across the organization.

  • Lead the coordination of cross‑functional delivery of compliance initiatives, helping align timelines, dependencies, and responsibilities to lead audit readiness, remediation efforts, and ongoing control effectiveness.

  • Communicate compliance expectations, progress, and risks clearly, ensuring stakeholders remain informed, accountable, and aligned throughout audit cycles and compliance activities.

  • Build trust with internal stakeholders by positioning compliance as a partnership that represents and leads control owners, rather than a policing or “auditor” function.

About You

  • 8-10+ years of progressive experience in networking, information security, and security auditing, with increasing responsibility across technical implementation, control design, risk assessment, and audit leadership.

  • Background in IT, IT security, security auditing, or IT audit, with the ability to connect technical control design to external audit requirements with proven ability to lead end to end SOC 2, ISO 27001, PCI DSS, or similar audits, with deep practical expertise in control interpretation, cross framework mapping, evidence strategy, audit walkthroughs, and direct engagement with external auditors in cloud-based environments.

  • Deep, practical knowledge of ISO 27001, SOC 2 (Trust Services Criteria), and PCI DSS, with the ability to translate controls into clear, actionable technical requirements that engineering and operations teams can implement effectively and sustainably.

  • Strong ability to evaluate and assess cloud native architectures against security best practices, primarily in AWS. A working knowledge of comparable services and controls in Azure and/or Google Cloud Platform preferred.

  • Solid background in security engineering and networking, with hands on understanding of identity and access management, network segmentation, encryption, logging, monitoring, and secure system design in modern cloud environments.

  • Prior experience implementing, operating, or leading continuous compliance monitoring capabilities (e.g., automated control monitoring, evidence collection, or compliance tooling) is preferred.

  • Strong preference for experience leading individuals, project teams, or cross-functional workstreams to measurable outcomes with the ability to work effectively across technical and non-technical teams (business areas, engineering, legal, procurement, operations), building trust and alignment while driving agreement on control ownership, remediation approaches, and audit outcomes.

  • Exceptional written and verbal communication skills, with the ability to explain complex security risks, audit findings, and control gaps to both technical audiences and senior leadership in a clear, concise manner.

  • Strong planning, prioritization, and execution skills, capable of managing multiple concurrent audit timelines, remediation efforts, and control dependencies in fast-paced, evolving environments.

  • Ability to communicate the value of compliance work in clear business terms, helping stakeholders understand how audit readiness, effective controls, and timely remediation reduce risk, protect trust, and lead College Board’s mission.

Exceptional candidates can effectively speak to:

  • Security certifications (e.g., CISSP, CRISC, CISM, CISA) preferred.

  • Bachelor’s degree required.

All roles at College Board require:

  • Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and comfort with learning and applying new digital tools independently and proactively.

  • Clear and concise communication skills, written and verbal

  • A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input.

  • A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking.

  • A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success

  • Authorization to work in the United States

About Our Process

  • Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days.

  • While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.

What We Offer

At College Board, we offer more than a paycheck - we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. We’re a self-sustaining nonprofit that believes in fair and competitive compensation grounded in your qualifications, experience, impact, and the market.

A Thoughtful Approach to Compensation

  • The hiring range for this role is $120,000–$175,000.

  • Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board.

  • We aim to make our best offer upfront, rooted in fairness, transparency, and market data.

  • We adjust salaries by location to ensure fairness, no matter where you live.

You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process. Check out our careers page for more.


About the job

Job type: Full Time

Salary: 120k-175k USD

Education: Bachelor degree

Experience: 8 years minimum

Hiring timezones: United States +/- 0 hours

About College Board


College Board is a mission-driven not-for-profit organization that connects students to college success and opportunity. Founded in 1900, College Board was created to expand access to higher education. Today, the membership association is made up of over 6,000 of the world’s leading educational institutions and is dedicated to promoting excellence and equity in education. Each year, College Board helps more than seven million students prepare for a successful transition to college through programs and services in college readiness and college success—including the SAT, the Advanced Placement Program, and BigFuture. The organization also serves the education community through research and advocacy on behalf of students, educators, and schools.

Employee benefits


Paid Time Off & Holidays

Employees enjoy major holidays off, an additional week off for New Year's Day, plus 20 PTO days and 10 sick days annually.

8 Weeks Paid Parental Leave

College Board provides 8 weeks of paid leave for all parents, including adoptive, biological, and foster, supporting family growth and bonding.

Pet Insurance Options

Understanding that pets are family too, College Board offers pet insurance policies to help cover both routine care and unexpected illnesses or injuries.

Generous Retirement Match

After six months, College Board contributes double to the TIAA retirement plan, up to 10% of an employee's annual salary, fostering a robust retirement savings.


College Board

Company size: 1001-5000 employees

Founded in: 1900

Chief executive officer: David Coleman
