Risk And Compliance Jobs in USA with Visa Sponsorship
Risk and compliance roles qualify for H-1B visa, E-3 visa, and TN visa sponsorship when the position requires a bachelor's degree in finance, law, business, or a related field. Employers in banking, insurance, and fintech sponsor regularly, though sponsorship rates vary by firm size and regulatory environment. For detailed occupation requirements, see the O*NET profile.
INTRODUCTION
The Director, Cybersecurity Governance, Risk and Compliance (GRC) is responsible for leading DIRECTV's enterprise cybersecurity governance, risk management, compliance, policy, and security assurance programs. This role provides strategic leadership and operational oversight across cybersecurity governance functions, ensuring cybersecurity risks are effectively managed, regulatory and contractual obligations are met, and cybersecurity initiatives align with business objectives. The Director serves as the primary leader for cybersecurity governance activities, executive cybersecurity reporting, risk management, compliance programs, security awareness initiatives, supplier security oversight, and security assurance testing programs. This position manages a team of cybersecurity professionals and contractors and serves as a key partner to technology, business, audit, legal, procurement, privacy, and executive leadership teams.
ROLE AND RESPONSIBILITIES
Here’s what you’ll do:
Cybersecurity Governance:
- Lead the enterprise Cybersecurity Governance Program.
- Develop and maintain cybersecurity KPIs, KRIs, scorecards, and executive reporting.
- Prepare and facilitate monthly Cybersecurity Governance Reviews and executive presentations.
- Track cybersecurity initiatives, remediation activities, and strategic priorities.
- Drive accountability for cybersecurity performance across the organization.
Cyber Risk Management:
- Lead enterprise cyber risk identification, assessment, reporting, and remediation programs.
- Maintain cybersecurity risk registers and risk treatment plans.
- Facilitate risk reviews with business and technology stakeholders.
- Present cybersecurity risk posture to senior leadership.
Policy, Standards and Governance:
- Own cybersecurity policies, standards, procedures, and governance frameworks.
- Ensure alignment with industry standards and regulatory requirements.
- Maintain governance processes supporting cybersecurity decision-making.
Compliance and Audit:
- Lead cybersecurity compliance activities supporting PCI DSS, SOX, regulatory, and contractual requirements.
- Coordinate internal and external audits.
- Manage remediation efforts resulting from audit findings and assessments.
- Maintain cybersecurity control documentation and evidence repositories.
Third-Party and Supplier Security:
- Lead Supplier Information Security Requirement (SISR) governance and oversight.
- Manage third-party cybersecurity risk assessments and monitoring.
- Partner with Procurement, Legal, and Vendor Management organizations to ensure supplier security compliance.
Security Awareness and Training:
- Lead enterprise cybersecurity awareness, training, and phishing simulation programs.
- Establish metrics to measure effectiveness and maturity.
- Drive continuous improvement of employee cybersecurity culture.
Security Assurance and Testing Programs:
- Provide governance oversight of:
  - Static Application Security Testing (SAST)
  - Dynamic Application Security Testing (DAST)
  - Application Penetration Testing
  - Infrastructure Penetration Testing
  - Vulnerability Assessment Programs
- Ensure testing results are tracked, reported, and remediated appropriately.
Leadership and People Management:
- Lead and develop cybersecurity governance personnel and contractors.
- Manage vendor and consulting relationships supporting GRC activities.
- Establish goals, objectives, and performance measures for the organization.
- Build a scalable governance function supporting DIRECTV's cybersecurity strategy.
BASIC QUALIFICATIONS
What you’ll need to be successful:
Required:
- Bachelor's degree in Cybersecurity, Information Technology, Business, Engineering, or related field.
- 5 – 7 years of progressive cybersecurity experience required; 10+ years desired.
- 5+ years of leadership experience managing cybersecurity programs and teams.
- Deep knowledge of cybersecurity governance, risk management, compliance, and security frameworks.
- Experience with PCI DSS, NIST Cybersecurity Framework, ISO 27001, CIS Controls, and risk management methodologies.
- Experience presenting cybersecurity metrics and risk information to executive leadership.
- Strong written and verbal communication skills.
PREFERRED QUALIFICATIONS
- CISSP, CISM, CRISC, CGEIT, PCI ISA, or equivalent certifications.
- Experience leading enterprise cybersecurity governance programs.
- Experience in telecommunications, media, technology, or highly regulated industries.
- Experience building cybersecurity governance organizations during periods of transformation or separation activities.
REPORTING RELATIONSHIP
Reports to: Senior Director, IT & Corporate Cybersecurity
ORGANIZATION SCOPE
- Direct leadership responsibility for Cybersecurity Governance, Risk and Compliance functions.
- Oversight of approximately six contractor resources and future employee growth within the GRC organization.
- Enterprise-wide responsibility for cybersecurity governance, risk management, compliance, policy, awareness, supplier security, and security assurance oversight.
May require a background check due to job duties requiring routine access to DIRECTV and DIRECTV customers' proprietary data. Qualified applicants with arrest and conviction records will be considered for employment in accordance with local ordinances and state law.
LOCATION
This is a remote position that can be located anywhere in the contiguous United States.
COMPENSATION
DIRECTV's compensation structure is designed to be market-competitive and fully supports efforts to attract and retain employees. It is the company's policy to offer pay that is competitive with other employers in the local market. Our salary ranges are determined by role, level, and location. The Base Salary range displayed below reflects the minimum and maximum target salary for each of DIRECTV's 4 (four) US Labor Market Zones. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
- DIRECTV WAGE ZONES: $147,830 - $268,307
- Low (N1): $147,830 - $221,645
- Mid (N2): $155,610 - $233,310
- High (N3): $171,171 - $256,641
- Top (N4): $178,952 - $268,307
Click HERE to review information on some of the largest Designated Market Areas (DMAs). Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the salary ranges reflect base salary only and do not include bonus or benefits - when you consider all of these together, it represents a pretty impressive total compensation package.
EEO STATEMENT
Fair Chance Ordinance Notice for Los Angeles County applying for jobs at DIRECTV
Compliance Notice Regarding Use of Automated Decision-Making Tools in Hiring Process
Apply today!
Tips for Finding Risk And Compliance Jobs
Target regulated industries first
Banks, insurance companies, and fintech firms face the heaviest compliance burdens and hire the most sponsored workers. These employers have established immigration programs and are far more likely to process H-1B or E-3 petitions without hesitation.
Emphasize your degree field on your resume
USCIS requires a direct connection between your degree and the role. A finance, accounting, law, or economics degree strengthens your specialty occupation case. Highlight coursework and credentials that map cleanly to the compliance function you're applying for.
Certifications significantly strengthen your petition
Credentials like CRCM, CAMS, or CFE signal that your role requires specialized knowledge beyond general business. Immigration attorneys use professional certifications as supporting evidence that the position meets specialty occupation standards under USCIS policy.
Understand your visa category options before applying
Australian citizens can pursue E-3 sponsorship without lottery risk. Canadians and Mexicans may qualify under TN. If you're subject to H-1B, cap-exempt employers like universities and nonprofits offer sponsorship outside the annual lottery cycle.
Prepare for detailed RFE documentation
Risk and compliance petitions face above-average requests for evidence because job titles can appear generic to USCIS adjudicators. Work with your employer's immigration counsel to document specific regulatory frameworks, required expertise, and degree requirements in the job description.
Browse sponsoring employers on Migrate Mate
Not every compliance role comes with sponsorship, and filtering manually across postings wastes time. Migrate Mate aggregates roles from employers who have actively sponsored visa workers, letting you focus applications on firms already willing to support your status.
Frequently Asked Questions
Do risk and compliance jobs typically qualify as specialty occupations for H-1B purposes?
Yes, most risk and compliance roles qualify as specialty occupations when the employer requires a bachelor's degree or higher in a specific field like finance, accounting, law, or economics. The key is that the degree requirement must be tied to the specific role, not just any bachelor's degree. Petitions for generalist titles like 'Compliance Officer' face more scrutiny than roles with narrower scope, such as 'AML Compliance Analyst' or 'Credit Risk Manager,' so specificity in the job description matters.
Which visa categories are available for risk and compliance professionals?
The H-1B visa is the most common path for non-Australians and non-Canadians. Australian citizens can use the E-3 visa, which has no lottery and far lower competition. Canadians and Mexicans with qualifying degrees may be eligible for TN visa status in the financial services category. O-1A is an option for senior compliance professionals who can demonstrate extraordinary ability through publications, speaking engagements, or leadership of major regulatory initiatives.
What degree do I need for a sponsored risk and compliance role?
Most sponsored positions require a bachelor's degree in finance, accounting, economics, business administration, or law. Some roles, particularly in quantitative risk or model risk management, prefer degrees in mathematics, statistics, or engineering. If your degree is in an adjacent field, professional certifications like CAMS, FRM, or CRCM can help bridge the gap and strengthen the specialty occupation argument in your visa petition.
How can I find risk and compliance employers who actively sponsor visas?
Migrate Mate is built specifically for this. Rather than sorting through thousands of postings where sponsorship is ambiguous, Migrate Mate surfaces roles from employers who have a demonstrated history of visa sponsorship. This is especially useful in compliance, where large financial institutions sponsor frequently but smaller firms rarely do. Filtering by visa type on Migrate Mate helps you focus on realistic opportunities from the start.
Are risk and compliance H-1B petitions more likely to receive a Request for Evidence?
Compliance roles do attract RFEs more often than highly technical fields like software engineering or medicine, because USCIS adjudicators sometimes question whether a specific degree is required. The strongest petitions clearly document the regulatory complexity of the role, reference specific compliance frameworks the hire will work within, and include evidence such as industry surveys or job postings showing that a degree in a specific field is the standard requirement for that position.
What is the prevailing wage requirement for sponsored Risk And Compliance jobs?
U.S. employers sponsoring a visa must pay at least the prevailing wage, which is what workers in the same role, area, and experience level typically earn. The Department of Labor sets this rate to make sure companies aren't hiring foreign workers simply because they'd accept lower pay than a U.S. worker. It varies by job title, location, and experience. You can look up current prevailing wage rates for any occupation and location using the OFLC Wage Search page.