Remote Governance Risk And Compliance Jobs
Remote Governance Risk And Compliance jobs are in strong demand across the U.S., with remote-first firms and distributed teams actively hiring for compliance, risk management, and regulatory oversight roles in finance, healthcare, technology, and professional services. Employers hiring remotely right now include Aprio, DIRECTV, and LaunchDarkly. See the openings below and apply to the ones that match your experience.
Find JobsOverview
Showing 5 of 8+ Remote Governance Risk And Compliance jobs
INTRODUCTION
The Director, Cybersecurity Governance, Risk and Compliance (GRC) is responsible for leading DIRECTV's enterprise cybersecurity governance, risk management, compliance, policy, and security assurance programs. This role provides strategic leadership and operational oversight across cybersecurity governance functions, ensuring cybersecurity risks are effectively managed, regulatory and contractual obligations are met, and cybersecurity initiatives align with business objectives. The Director serves as the primary leader for cybersecurity governance activities, executive cybersecurity reporting, risk management, compliance programs, security awareness initiatives, supplier security oversight, and security assurance testing programs. This position manages a team of cybersecurity professionals and contractors and serves as a key partner to technology, business, audit, legal, procurement, privacy, and executive leadership teams.
ROLE AND RESPONSIBILITIES
Here’s what you’ll do:
Cybersecurity Governance:
- Lead the enterprise Cybersecurity Governance Program.
- Develop and maintain cybersecurity KPIs, KRIs, scorecards, and executive reporting.
- Prepare and facilitate monthly Cybersecurity Governance Reviews and executive presentations.
- Track cybersecurity initiatives, remediation activities, and strategic priorities.
- Drive accountability for cybersecurity performance across the organization.
Cyber Risk Management:
- Lead enterprise cyber risk identification, assessment, reporting, and remediation programs.
- Maintain cybersecurity risk registers and risk treatment plans.
- Facilitate risk reviews with business and technology stakeholders.
- Present cybersecurity risk posture to senior leadership.
Policy, Standards and Governance:
- Own cybersecurity policies, standards, procedures, and governance frameworks.
- Ensure alignment with industry standards and regulatory requirements.
- Maintain governance processes supporting cybersecurity decision-making.
Compliance and Audit:
- Lead cybersecurity compliance activities supporting PCI DSS, SOX, regulatory, and contractual requirements.
- Coordinate internal and external audits.
- Manage remediation efforts resulting from audit findings and assessments.
- Maintain cybersecurity control documentation and evidence repositories.
Third-Party and Supplier Security:
- Lead Supplier Information Security Requirement (SISR) governance and oversight.
- Manage third-party cybersecurity risk assessments and monitoring.
- Partner with Procurement, Legal, and Vendor Management organizations to ensure supplier security compliance.
Security Awareness and Training:
- Lead enterprise cybersecurity awareness, training, and phishing simulation programs.
- Establish metrics to measure effectiveness and maturity.
- Drive continuous improvement of employee cybersecurity culture.
Security Assurance and Testing Programs:
- Provide governance oversight of:
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Application Penetration Testing
- Infrastructure Penetration Testing
- Vulnerability Assessment Programs
- Ensure testing results are tracked, reported, and remediated appropriately.
Leadership and People Management:
- Lead and develop cybersecurity governance personnel and contractors.
- Manage vendor and consulting relationships supporting GRC activities.
- Establish goals, objectives, and performance measures for the organization.
- Build a scalable governance function supporting DIRECTV's cybersecurity strategy.
BASIC QUALIFICATIONS
What you’ll need to be successful:
Required:
- Bachelor's degree in Cybersecurity, Information Technology, Business, Engineering, or related field.
- 5 – 7 years required, 10+ years desired progressive cybersecurity experience.
- 5+ years of leadership experience managing cybersecurity programs and teams.
- Deep knowledge of cybersecurity governance, risk management, compliance, and security frameworks.
- Experience with PCI DSS, NIST Cybersecurity Framework, ISO 27001, CIS Controls, and risk management methodologies.
- Experience presenting cybersecurity metrics and risk information to executive leadership.
- Strong written and verbal communication skills.
PREFERRED QUALIFICATIONS
- CISSP, CISM, CRISC, CGEIT, PCI ISA, or equivalent certifications.
- Experience leading enterprise cybersecurity governance programs.
- Experience in telecommunications, media, technology, or highly regulated industries.
- Experience building cybersecurity governance organizations during periods of transformation or separation activities.
REPORTING RELATIONSHIP
Reports to: Senior Director, IT & Corporate Cybersecurity
ORGANIZATION SCOPE
- Direct leadership responsibility for Cybersecurity Governance, Risk and Compliance functions.
- Oversight of approximately six contractor resources and future employee growth within the GRC organization.
- Enterprise-wide responsibility for cybersecurity governance, risk management, compliance, policy, awareness, supplier security, and security assurance oversight.
May require a background check due to job duties requiring routine access to DIRECTV and DIRECTV customer’s proprietary data. Qualified applicants with arrest and conviction will be considered for employment in accordance with local ordinances and state law.
LOCATION
This is a remote position that can be located anywhere in the contiguous United States.
COMPENSATION
DIRECTV's compensation structure is designed to be market-competitive and fully supports efforts to attract and retain employees. It is the company's policy to offer pay that is competitive with other employers in the local market. Our salary ranges are determined by role, level, and location. The Base Salary range displayed below reflects the minimum and maximum target salary for each of DIRECTV's 4 (four) US Labor Market Zones. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
- DIRECTV WAGE ZONES: $147,830 - $268,307
- Low (N1): $147,830 - $221,645
- Mid (N2): $155,610 - $233,310
- High (N3): $171,171 - $256,641
- Top (N4): $178,952 - $268,307
Click HERE to review information on some of the largest Designated Market Areas (DMAs). Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the salary ranges reflect base salary only and do not include bonus or benefits - when you consider all of these together, it represents a pretty impressive total compensation package.
EEO STATEMENT
Fair Chance Ordinance Notice for Los Angeles County applying for jobs at DIRECTV
Compliance Notice Regarding Use of Automated Decision-Making Tools in Hiring Process
Apply today!
INTRODUCTION
The Director, Cybersecurity Governance, Risk and Compliance (GRC) is responsible for leading DIRECTV's enterprise cybersecurity governance, risk management, compliance, policy, and security assurance programs. This role provides strategic leadership and operational oversight across cybersecurity governance functions, ensuring cybersecurity risks are effectively managed, regulatory and contractual obligations are met, and cybersecurity initiatives align with business objectives. The Director serves as the primary leader for cybersecurity governance activities, executive cybersecurity reporting, risk management, compliance programs, security awareness initiatives, supplier security oversight, and security assurance testing programs. This position manages a team of cybersecurity professionals and contractors and serves as a key partner to technology, business, audit, legal, procurement, privacy, and executive leadership teams.
ROLE AND RESPONSIBILITIES
Here’s what you’ll do:
Cybersecurity Governance:
- Lead the enterprise Cybersecurity Governance Program.
- Develop and maintain cybersecurity KPIs, KRIs, scorecards, and executive reporting.
- Prepare and facilitate monthly Cybersecurity Governance Reviews and executive presentations.
- Track cybersecurity initiatives, remediation activities, and strategic priorities.
- Drive accountability for cybersecurity performance across the organization.
Cyber Risk Management:
- Lead enterprise cyber risk identification, assessment, reporting, and remediation programs.
- Maintain cybersecurity risk registers and risk treatment plans.
- Facilitate risk reviews with business and technology stakeholders.
- Present cybersecurity risk posture to senior leadership.
Policy, Standards and Governance:
- Own cybersecurity policies, standards, procedures, and governance frameworks.
- Ensure alignment with industry standards and regulatory requirements.
- Maintain governance processes supporting cybersecurity decision-making.
Compliance and Audit:
- Lead cybersecurity compliance activities supporting PCI DSS, SOX, regulatory, and contractual requirements.
- Coordinate internal and external audits.
- Manage remediation efforts resulting from audit findings and assessments.
- Maintain cybersecurity control documentation and evidence repositories.
Third-Party and Supplier Security:
- Lead Supplier Information Security Requirement (SISR) governance and oversight.
- Manage third-party cybersecurity risk assessments and monitoring.
- Partner with Procurement, Legal, and Vendor Management organizations to ensure supplier security compliance.
Security Awareness and Training:
- Lead enterprise cybersecurity awareness, training, and phishing simulation programs.
- Establish metrics to measure effectiveness and maturity.
- Drive continuous improvement of employee cybersecurity culture.
Security Assurance and Testing Programs:
- Provide governance oversight of:
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Application Penetration Testing
- Infrastructure Penetration Testing
- Vulnerability Assessment Programs
- Ensure testing results are tracked, reported, and remediated appropriately.
Leadership and People Management:
- Lead and develop cybersecurity governance personnel and contractors.
- Manage vendor and consulting relationships supporting GRC activities.
- Establish goals, objectives, and performance measures for the organization.
- Build a scalable governance function supporting DIRECTV's cybersecurity strategy.
BASIC QUALIFICATIONS
What you’ll need to be successful:
Required:
- Bachelor's degree in Cybersecurity, Information Technology, Business, Engineering, or related field.
- 5 – 7 years required, 10+ years desired progressive cybersecurity experience.
- 5+ years of leadership experience managing cybersecurity programs and teams.
- Deep knowledge of cybersecurity governance, risk management, compliance, and security frameworks.
- Experience with PCI DSS, NIST Cybersecurity Framework, ISO 27001, CIS Controls, and risk management methodologies.
- Experience presenting cybersecurity metrics and risk information to executive leadership.
- Strong written and verbal communication skills.
PREFERRED QUALIFICATIONS
- CISSP, CISM, CRISC, CGEIT, PCI ISA, or equivalent certifications.
- Experience leading enterprise cybersecurity governance programs.
- Experience in telecommunications, media, technology, or highly regulated industries.
- Experience building cybersecurity governance organizations during periods of transformation or separation activities.
REPORTING RELATIONSHIP
Reports to: Senior Director, IT & Corporate Cybersecurity
ORGANIZATION SCOPE
- Direct leadership responsibility for Cybersecurity Governance, Risk and Compliance functions.
- Oversight of approximately six contractor resources and future employee growth within the GRC organization.
- Enterprise-wide responsibility for cybersecurity governance, risk management, compliance, policy, awareness, supplier security, and security assurance oversight.
May require a background check due to job duties requiring routine access to DIRECTV and DIRECTV customer’s proprietary data. Qualified applicants with arrest and conviction will be considered for employment in accordance with local ordinances and state law.
LOCATION
This is a remote position that can be located anywhere in the contiguous United States.
COMPENSATION
DIRECTV's compensation structure is designed to be market-competitive and fully supports efforts to attract and retain employees. It is the company's policy to offer pay that is competitive with other employers in the local market. Our salary ranges are determined by role, level, and location. The Base Salary range displayed below reflects the minimum and maximum target salary for each of DIRECTV's 4 (four) US Labor Market Zones. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
- DIRECTV WAGE ZONES: $147,830 - $268,307
- Low (N1): $147,830 - $221,645
- Mid (N2): $155,610 - $233,310
- High (N3): $171,171 - $256,641
- Top (N4): $178,952 - $268,307
Click HERE to review information on some of the largest Designated Market Areas (DMAs). Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the salary ranges reflect base salary only and do not include bonus or benefits - when you consider all of these together, it represents a pretty impressive total compensation package.
EEO STATEMENT
Fair Chance Ordinance Notice for Los Angeles County applying for jobs at DIRECTV
Compliance Notice Regarding Use of Automated Decision-Making Tools in Hiring Process
Apply today!
See All 8 Remote Governance Risk And Compliance Jobs
Find roles that match your experience and apply in just a few clicks.
Find JobsRemote Governance Risk And Compliance Job Market
Who's Hiring
- Aprio1
- DIRECTV1
- LaunchDarkly1
- Bamboo Health1
- Hyperproof1
Top Industries Hiring
- Technology & Software2
- Insurance1
- Telecommunications1
- Accounting & Auditing1
What Employers Look For
The qualifications that appear most often in remote governance risk and compliance jobs.
- Bachelor's degree in finance, accounting, law, business, or a related field
- Certifications such as CISA, CRISC, CIA, CGRC, or CISM
- Experience conducting internal audits, risk assessments, or compliance reviews
- Knowledge of regulatory frameworks including SOX, COSO, NIST, or ISO 31000
- Proficiency with GRC platforms such as Archer, ServiceNow GRC, or MetricStream
- Strong written communication skills for policy documentation and audit reporting
Tips for Your Remote Governance Risk And Compliance Job Search
Apply early to remote roles that fit
Migrate Mate lists remote governance risk and compliance openings from across the U.S. in one place, so you can find roles that match your background and apply directly without sorting through unrelated listings.
Show your GRC tools fluency upfront
Remote employers want to know you can operate independently inside platforms like Archer, ServiceNow GRC, Vanta, or OneTrust from day one. Name the specific tools you've used and what you accomplished with them in your resume and cover letter.
Prove you can communicate compliance findings in writing
Remote GRC roles live or die on written communication. Prepare writing samples, such as risk memos, policy drafts, or audit summaries, that demonstrate you can convey complex regulatory findings clearly to stakeholders who aren't in the same room.
Target distributed teams with existing compliance programs
Companies that already have a remote compliance function are far more likely to onboard a remote GRC professional successfully. Look for job postings that mention remote-first culture, async workflows, or existing GRC tooling, because those teams know how to integrate you without requiring in-person oversight.
Prepare for async-heavy remote interviews
Many remote GRC hiring processes include asynchronous assessments, such as written scenario responses or take-home policy analysis exercises. Practice articulating your risk reasoning clearly in writing, and be ready to walk through your decision-making process on a video call without a whiteboard.
Remote Governance Risk And Compliance Jobs: Frequently Asked Questions
How do I get a remote governance risk and compliance job?
Target companies that already run distributed compliance teams, such as fintech platforms, SaaS businesses, and digital-first financial institutions, because they've built the infrastructure for remote GRC work. Remote employers screen for strong written communication, the ability to interpret and document regulatory requirements independently, and familiarity with GRC platforms like Archer, ServiceNow, or Vanta. Demonstrating that you can manage audits, track controls, and escalate findings without in-person check-ins gives you a clear edge.
Which companies hire remote governance risk and compliances?
Remote governance risk and compliance roles are posted by Aprio, DIRECTV, and LaunchDarkly and others right now, based on current remote listings on Migrate Mate as of June 2026. Remote-first fintechs, cloud-native healthcare organizations, insurance carriers with distributed operations, and large technology firms with global regulatory obligations are among the most consistent hirers of remote governance risk and compliance professionals.
Can you get a remote governance risk and compliance job with no experience?
Yes, but remote entry-level GRC roles are competitive because employers expect you to work independently from day one without on-site mentorship. Your best path in is through smaller compliance-light companies, startups building their first GRC function, or junior risk analyst roles at consulting firms with remote teams. Showing self-directed learning through GRC certifications like CompTIA Security+, CISA, or CRISC, along with any hands-on policy writing or audit support, signals you can handle the autonomy remote work demands.
Do you need a degree for remote governance risk and compliance jobs?
Not always. Many remote employers weight demonstrated GRC skills, relevant certifications, and a history of managing compliance frameworks over a specific degree. Credentials like CISA, CISM, CRISC, or a Certified Compliance and Ethics Professional designation carry real weight, especially at remote-first companies that evaluate candidates on output rather than credentials alone. A portfolio of policy documents, risk assessments, or audit reports you've produced strengthens your case significantly.
Which industries hire the most remote governance risk and compliances?
Most remote governance risk and compliance openings sit in Technology & Software, Insurance, and Telecommunications, per current remote listings on Migrate Mate as of June 2026. These sectors hire governance risk and compliance professionals remotely because their compliance obligations are documentation-heavy and technology-driven, making the work well suited to distributed teams operating across multiple jurisdictions.
See All 8 Remote Governance Risk And Compliance Jobs
Find roles that match your experience and apply in just a few clicks.
Find Jobs