Director, Internal Assurance

Director, Internal Assurance 

College Board – Risk Management Division 

Location: This is a fully remote role.  

Type:  This is a full-time position 

 About the Team  

The Information Security Governance Risk and Compliance (ISGRC) team at the College Board collaborates closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. This dedicated team facilitates information security governance and compliance by supporting customer-facing initiatives such as third-party issued audits & certifications (ISO 27001:2022, PCI 4.0, and SOC2),  responding to security questionnaires to existing and potential customers, assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, providing disaster response and recovery oversight, testing system strength using industry-recognized frameworks, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative phishing campaigns.   

About the Opportunity   

In this role you will :

• Conduct internal audits to assess the effectiveness of security and technical controls

• Assess and evaluate controls for compliance with frameworks such as ISO27001:2022, SOC2, PCI 4.0, SOX IT General Controls, NIST 800-53 and HECVAT

• Identify and document control design and operating deficiencies and recommend improvements

• Collaborate with Technology, Security, GRC and business teams to develop remediation plans

• Prepare detailed audit reports and present findings to senior management

• Develop and maintain internal audit programs, procedures, workpapers and annual plans

• Demonstrate Internal Audit/Assurance function to external auditors in applicable audit and certification walkthroughs and engagements

• Stay up to date with industry’s best practices and regulatory requirements

• Perform compliance readiness assessment and provide recommendations to Business, Technology and Security partners on identified gaps

About You  

You have :

• Bachelor’s degree in information technology, Management Information Systems, or equivalent program required with one or more current Information Security and/or Privacy certifications preferred (e.g., CISA, CRISC, ISO27001 Auditor)

• 10 or more years of hands-on experience in IT audit, particularly in technology and security controls (e.g., SOC 2 with 5 Trust Services Criteria)

• Experience leading and managing audits such as SOC2, PCI 4.0, ISO27001:2022, CSA CCM, HECVAT, NIST 800-53, SOX, SOC1, or similar types of audits

• Familiarity with Information Security principles and knowledge of IT processes (e.g., Access Management, Change Management, Vulnerability Management and Risk Management) 

• Knowledge about risks and controls in Cloud environments such as AWS and Azure 

• Experience in performing control design and operating effectiveness testing for controls applicable to SOC2, ISO27001:2022, PCI 4.0, and SOX IT General Controls frameworks and industry standards

• Experience managing relationships with auditors and internal cross-functional teams

• Exceptional knowledge of InfoSec governance practices including risk, audit, policy and standard development, metrics development, and education and training

• Excellent analytical, verbal, and written communication skills, including the ability to facilitate meetings and presentations both remotely and in-person

• Strong technical, project management and time management skills are necessary for this role

• Strong organization and prioritization skills and ability to manage multiple tasks simultaneously, both independently and as a member of the team, including understanding of agile methodologies

• Adept critical thinking skills, including use and analysis of data to inform decisions and actions

• A commitment to excellence, an insatiable appetite for continuous improvement, and a constant need to learn and practice

• Demonstrate high Emotional Intelligence (EQ) to effectively collaborate with diverse teams in a fully remote setting

• Ability to travel to our Reston or New York office 3-4 times per year

• Excellent PowerPoint, Word, Excel, and MS Project skills

• Proven ability to build relationships and influence others to action

• Authorization to work in the United States

About Our Process   

• Application review will begin immediately and will continue until the position is filled

• While the hiring process may vary, it generally includes resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks

About Our Benefits and Compensation 

College Board offers a competitive benefits and compensation program that attracts top talent looking to make a difference in education. As a self-sustaining non-profit, we believe in compensating employees equitably in relation to each other, their qualifications, their impact, and the relevant market.  

The hiring range for a new employee in this position is $104,000 to $150,000. College Board differentiates salaries by location so where you live will narrow the portion of this range in which you can expect a salary.  

Your salary will be carefully determined based on your location, relevant experience, the external labor market, and the pay of College Board employees in similar roles. College Board strives to provide our best offer up front based on this criterion.  

Your salary is only one part of all that College Board offers, including but not limited to:    

• A comprehensive package is designed to support the well-being of employees and their families and promote education. Our robust benefits package includes health, dental, and vision insurance, generous paid time off, paid parental leave, fertility benefits, pet insurance, tuition assistance, retirement benefits, and more. 

• Recognition of exceptional performance through annual bonuses, salary growth over time through market increases, and opportunities for merit raises and promotions based on increased scope of responsibility. 

• A job that matters, a team that cares, and a place to learn, innovate and thrive. 

You can expect to have transparent conversations about benefits and compensation with our recruiters throughout your application process.