Governance Risk And Compliance Jobs in USA with Visa Sponsorship
Governance, Risk and Compliance roles qualify as specialty occupations under the H-1B visa, making visa sponsorship straightforward for qualified candidates. Most positions require a degree in finance, law, business, or a related field, and employers in financial services, healthcare, and tech sponsor regularly. For detailed occupation requirements, see the O*NET profile.
Find Governance Risk And Compliance JobsOverview
Showing 5 of 1,097+ Governance Risk And Compliance jobs
See all 1,097+ Governance Risk And Compliance Jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Governance Risk And Compliance roles.
Get Access To All JobsINTRODUCTION
The Director, Cybersecurity Governance, Risk and Compliance (GRC) is responsible for leading DIRECTV's enterprise cybersecurity governance, risk management, compliance, policy, and security assurance programs. This role provides strategic leadership and operational oversight across cybersecurity governance functions, ensuring cybersecurity risks are effectively managed, regulatory and contractual obligations are met, and cybersecurity initiatives align with business objectives. The Director serves as the primary leader for cybersecurity governance activities, executive cybersecurity reporting, risk management, compliance programs, security awareness initiatives, supplier security oversight, and security assurance testing programs. This position manages a team of cybersecurity professionals and contractors and serves as a key partner to technology, business, audit, legal, procurement, privacy, and executive leadership teams.
ROLE AND RESPONSIBILITIES
Here’s what you’ll do:
Cybersecurity Governance:
- Lead the enterprise Cybersecurity Governance Program.
- Develop and maintain cybersecurity KPIs, KRIs, scorecards, and executive reporting.
- Prepare and facilitate monthly Cybersecurity Governance Reviews and executive presentations.
- Track cybersecurity initiatives, remediation activities, and strategic priorities.
- Drive accountability for cybersecurity performance across the organization.
Cyber Risk Management:
- Lead enterprise cyber risk identification, assessment, reporting, and remediation programs.
- Maintain cybersecurity risk registers and risk treatment plans.
- Facilitate risk reviews with business and technology stakeholders.
- Present cybersecurity risk posture to senior leadership.
Policy, Standards and Governance:
- Own cybersecurity policies, standards, procedures, and governance frameworks.
- Ensure alignment with industry standards and regulatory requirements.
- Maintain governance processes supporting cybersecurity decision-making.
Compliance and Audit:
- Lead cybersecurity compliance activities supporting PCI DSS, SOX, regulatory, and contractual requirements.
- Coordinate internal and external audits.
- Manage remediation efforts resulting from audit findings and assessments.
- Maintain cybersecurity control documentation and evidence repositories.
Third-Party and Supplier Security:
- Lead Supplier Information Security Requirement (SISR) governance and oversight.
- Manage third-party cybersecurity risk assessments and monitoring.
- Partner with Procurement, Legal, and Vendor Management organizations to ensure supplier security compliance.
Security Awareness and Training:
- Lead enterprise cybersecurity awareness, training, and phishing simulation programs.
- Establish metrics to measure effectiveness and maturity.
- Drive continuous improvement of employee cybersecurity culture.
Security Assurance and Testing Programs:
- Provide governance oversight of:
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Application Penetration Testing
- Infrastructure Penetration Testing
- Vulnerability Assessment Programs
- Ensure testing results are tracked, reported, and remediated appropriately.
Leadership and People Management:
- Lead and develop cybersecurity governance personnel and contractors.
- Manage vendor and consulting relationships supporting GRC activities.
- Establish goals, objectives, and performance measures for the organization.
- Build a scalable governance function supporting DIRECTV's cybersecurity strategy.
BASIC QUALIFICATIONS
What you’ll need to be successful:
Required:
- Bachelor's degree in Cybersecurity, Information Technology, Business, Engineering, or related field.
- 5 – 7 years required, 10+ years desired progressive cybersecurity experience.
- 5+ years of leadership experience managing cybersecurity programs and teams.
- Deep knowledge of cybersecurity governance, risk management, compliance, and security frameworks.
- Experience with PCI DSS, NIST Cybersecurity Framework, ISO 27001, CIS Controls, and risk management methodologies.
- Experience presenting cybersecurity metrics and risk information to executive leadership.
- Strong written and verbal communication skills.
PREFERRED QUALIFICATIONS
- CISSP, CISM, CRISC, CGEIT, PCI ISA, or equivalent certifications.
- Experience leading enterprise cybersecurity governance programs.
- Experience in telecommunications, media, technology, or highly regulated industries.
- Experience building cybersecurity governance organizations during periods of transformation or separation activities.
REPORTING RELATIONSHIP
Reports to: Senior Director, IT & Corporate Cybersecurity
ORGANIZATION SCOPE
- Direct leadership responsibility for Cybersecurity Governance, Risk and Compliance functions.
- Oversight of approximately six contractor resources and future employee growth within the GRC organization.
- Enterprise-wide responsibility for cybersecurity governance, risk management, compliance, policy, awareness, supplier security, and security assurance oversight.
May require a background check due to job duties requiring routine access to DIRECTV and DIRECTV customer’s proprietary data. Qualified applicants with arrest and conviction will be considered for employment in accordance with local ordinances and state law.
LOCATION
This is a remote position that can be located anywhere in the contiguous United States.
COMPENSATION
DIRECTV's compensation structure is designed to be market-competitive and fully supports efforts to attract and retain employees. It is the company's policy to offer pay that is competitive with other employers in the local market. Our salary ranges are determined by role, level, and location. The Base Salary range displayed below reflects the minimum and maximum target salary for each of DIRECTV's 4 (four) US Labor Market Zones. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
- DIRECTV WAGE ZONES: $147,830 - $268,307
- Low (N1): $147,830 - $221,645
- Mid (N2): $155,610 - $233,310
- High (N3): $171,171 - $256,641
- Top (N4): $178,952 - $268,307
Click HERE to review information on some of the largest Designated Market Areas (DMAs). Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the salary ranges reflect base salary only and do not include bonus or benefits - when you consider all of these together, it represents a pretty impressive total compensation package.
EEO STATEMENT
Fair Chance Ordinance Notice for Los Angeles County applying for jobs at DIRECTV
Compliance Notice Regarding Use of Automated Decision-Making Tools in Hiring Process
Apply today!
INTRODUCTION
The Director, Cybersecurity Governance, Risk and Compliance (GRC) is responsible for leading DIRECTV's enterprise cybersecurity governance, risk management, compliance, policy, and security assurance programs. This role provides strategic leadership and operational oversight across cybersecurity governance functions, ensuring cybersecurity risks are effectively managed, regulatory and contractual obligations are met, and cybersecurity initiatives align with business objectives. The Director serves as the primary leader for cybersecurity governance activities, executive cybersecurity reporting, risk management, compliance programs, security awareness initiatives, supplier security oversight, and security assurance testing programs. This position manages a team of cybersecurity professionals and contractors and serves as a key partner to technology, business, audit, legal, procurement, privacy, and executive leadership teams.
ROLE AND RESPONSIBILITIES
Here’s what you’ll do:
Cybersecurity Governance:
- Lead the enterprise Cybersecurity Governance Program.
- Develop and maintain cybersecurity KPIs, KRIs, scorecards, and executive reporting.
- Prepare and facilitate monthly Cybersecurity Governance Reviews and executive presentations.
- Track cybersecurity initiatives, remediation activities, and strategic priorities.
- Drive accountability for cybersecurity performance across the organization.
Cyber Risk Management:
- Lead enterprise cyber risk identification, assessment, reporting, and remediation programs.
- Maintain cybersecurity risk registers and risk treatment plans.
- Facilitate risk reviews with business and technology stakeholders.
- Present cybersecurity risk posture to senior leadership.
Policy, Standards and Governance:
- Own cybersecurity policies, standards, procedures, and governance frameworks.
- Ensure alignment with industry standards and regulatory requirements.
- Maintain governance processes supporting cybersecurity decision-making.
Compliance and Audit:
- Lead cybersecurity compliance activities supporting PCI DSS, SOX, regulatory, and contractual requirements.
- Coordinate internal and external audits.
- Manage remediation efforts resulting from audit findings and assessments.
- Maintain cybersecurity control documentation and evidence repositories.
Third-Party and Supplier Security:
- Lead Supplier Information Security Requirement (SISR) governance and oversight.
- Manage third-party cybersecurity risk assessments and monitoring.
- Partner with Procurement, Legal, and Vendor Management organizations to ensure supplier security compliance.
Security Awareness and Training:
- Lead enterprise cybersecurity awareness, training, and phishing simulation programs.
- Establish metrics to measure effectiveness and maturity.
- Drive continuous improvement of employee cybersecurity culture.
Security Assurance and Testing Programs:
- Provide governance oversight of:
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Application Penetration Testing
- Infrastructure Penetration Testing
- Vulnerability Assessment Programs
- Ensure testing results are tracked, reported, and remediated appropriately.
Leadership and People Management:
- Lead and develop cybersecurity governance personnel and contractors.
- Manage vendor and consulting relationships supporting GRC activities.
- Establish goals, objectives, and performance measures for the organization.
- Build a scalable governance function supporting DIRECTV's cybersecurity strategy.
BASIC QUALIFICATIONS
What you’ll need to be successful:
Required:
- Bachelor's degree in Cybersecurity, Information Technology, Business, Engineering, or related field.
- 5 – 7 years required, 10+ years desired progressive cybersecurity experience.
- 5+ years of leadership experience managing cybersecurity programs and teams.
- Deep knowledge of cybersecurity governance, risk management, compliance, and security frameworks.
- Experience with PCI DSS, NIST Cybersecurity Framework, ISO 27001, CIS Controls, and risk management methodologies.
- Experience presenting cybersecurity metrics and risk information to executive leadership.
- Strong written and verbal communication skills.
PREFERRED QUALIFICATIONS
- CISSP, CISM, CRISC, CGEIT, PCI ISA, or equivalent certifications.
- Experience leading enterprise cybersecurity governance programs.
- Experience in telecommunications, media, technology, or highly regulated industries.
- Experience building cybersecurity governance organizations during periods of transformation or separation activities.
REPORTING RELATIONSHIP
Reports to: Senior Director, IT & Corporate Cybersecurity
ORGANIZATION SCOPE
- Direct leadership responsibility for Cybersecurity Governance, Risk and Compliance functions.
- Oversight of approximately six contractor resources and future employee growth within the GRC organization.
- Enterprise-wide responsibility for cybersecurity governance, risk management, compliance, policy, awareness, supplier security, and security assurance oversight.
May require a background check due to job duties requiring routine access to DIRECTV and DIRECTV customer’s proprietary data. Qualified applicants with arrest and conviction will be considered for employment in accordance with local ordinances and state law.
LOCATION
This is a remote position that can be located anywhere in the contiguous United States.
COMPENSATION
DIRECTV's compensation structure is designed to be market-competitive and fully supports efforts to attract and retain employees. It is the company's policy to offer pay that is competitive with other employers in the local market. Our salary ranges are determined by role, level, and location. The Base Salary range displayed below reflects the minimum and maximum target salary for each of DIRECTV's 4 (four) US Labor Market Zones. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
- DIRECTV WAGE ZONES: $147,830 - $268,307
- Low (N1): $147,830 - $221,645
- Mid (N2): $155,610 - $233,310
- High (N3): $171,171 - $256,641
- Top (N4): $178,952 - $268,307
Click HERE to review information on some of the largest Designated Market Areas (DMAs). Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the salary ranges reflect base salary only and do not include bonus or benefits - when you consider all of these together, it represents a pretty impressive total compensation package.
EEO STATEMENT
Fair Chance Ordinance Notice for Los Angeles County applying for jobs at DIRECTV
Compliance Notice Regarding Use of Automated Decision-Making Tools in Hiring Process
Apply today!
See all 1,097+ Governance Risk And Compliance Jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Governance Risk And Compliance roles.
Get Access To All JobsTips for Finding Governance Risk And Compliance Jobs
Target industries with established compliance functions
Financial services, healthcare, and technology firms maintain dedicated GRC teams and sponsor visas routinely. These employers have existing immigration infrastructure, which means faster processing and fewer complications compared to companies sponsoring for the first time.
Lead with your degree field, not just your title
H-1B specialty occupation approval depends on your degree matching the role. A finance, accounting, law, or information systems degree strengthens your petition significantly. A general business degree alone can draw scrutiny, so frame relevant coursework and specializations explicitly in your application.
Highlight regulatory frameworks you know
Employers sponsor GRC candidates faster when the job description maps to specific frameworks like SOX, ISO 27001, HIPAA, or NIST. Listing these in your resume signals specialized expertise that supports the specialty occupation argument USCIS needs to approve your petition.
Ask about LCA timelines before accepting an offer
Your employer must file a Labor Condition Application with the Department of Labor before submitting your H-1B petition. This typically takes one to two weeks. Confirming the employer understands this step early prevents delays that can affect your start date.
Consider premium processing if your start date is firm
USCIS premium processing guarantees a decision within 15 business days. For GRC roles with regulatory deadlines or fiscal year start dates, premium processing removes uncertainty and gives both you and your employer a confirmed timeline to plan around.
Browse visa-sponsoring GRC employers on Migrate Mate
Not every company advertising compliance roles will sponsor a visa. Migrate Mate filters job listings specifically for employers open to sponsorship, saving you from applying to positions that will stall at the offer stage due to immigration restrictions.
Frequently Asked Questions
Do Governance, Risk and Compliance roles qualify for H-1B visa sponsorship?
Yes, GRC roles generally qualify as specialty occupations under the H-1B visa because they require at least a bachelor's degree in a specific field such as finance, accounting, law, information systems, or business administration. USCIS looks at whether the degree requirement is tied directly to the job duties, so positions focused on SOX compliance, enterprise risk management, or cybersecurity governance tend to have stronger petitions than generalist roles where any degree is accepted.
What degree do I need for an employer to sponsor my GRC visa?
Most GRC sponsorship petitions are strongest with a degree in accounting, finance, law, information systems, or risk management. A general business degree can work but may require additional documentation showing the degree is directly relevant to the specific role. Certifications like CISA, CRISC, or CPA can strengthen your petition but do not substitute for the degree requirement under H-1B rules.
Which industries sponsor the most GRC roles?
Financial services firms, including banks, asset managers, and insurance companies, sponsor GRC professionals at the highest rates because regulatory compliance is core to their operations. Healthcare organizations subject to HIPAA and tech companies managing data privacy under regulations like GDPR and CCPA also sponsor regularly. Defense contractors and consulting firms that serve regulated industries are also consistent sponsors.
How competitive is the H-1B lottery for GRC professionals?
GRC roles are subject to the same H-1B annual cap and lottery as other specialty occupations, with a selection rate around 25% in recent years. Candidates with a U.S. master's degree get entered into a separate master's cap pool first, which improves odds slightly. Some GRC roles at universities, nonprofits, or government research organizations are cap-exempt and do not require lottery selection at all.
Where can I find GRC jobs that specifically offer visa sponsorship?
Migrate Mate is built specifically for this, filtering job listings to show only employers open to visa sponsorship. Standard job boards mix sponsored and non-sponsored roles with no way to filter, so you end up applying to positions that stall once immigration comes up. Searching on Migrate Mate lets you focus your effort on employers who have already indicated they will support the visa process.
What is the prevailing wage requirement for sponsored Governance Risk And Compliance jobs?
U.S. employers sponsoring a visa must pay at least the prevailing wage, which is what workers in the same role, area, and experience level typically earn. The Department of Labor sets this rate to make sure companies aren't hiring foreign workers simply because they'd accept lower pay than a U.S. worker. It varies by job title, location, and experience. You can look up current prevailing wage rates for any occupation and location using the OFLC Wage Search page.