Overview
This role reports to VP, Technology GRC and Deputy CISO and has accountability for maturing SOX ITGC oversight, establishing a unified Technology Risk, Threat, and Controls Library, and delivering executive-level risk reporting and advisory services. It partners closely with senior leadership, Internal Audit, and business stakeholders to design and operate a scalable, framework-aligned risk and control environment across a complex SaaS ecosystem.
The position serves as a strategic advisor to executives, providing clear insight into technology risk posture, emerging threats, and remediation strategies while enabling regulatory compliance (SOX, PCI, SOC, NYDFS) and business objectives.
Responsibilities
SOX IT General Controls (ITGCs)
- Partner with control owners (first line of defense, 1st LOD) to mature controls, drive automation, and remediate control deficiencies before year-end.
- Monitor control design and operating effectiveness, and track compliance against the SOX ITGC scope.
Technology Risks, Threats & Controls Library
- Build, govern, and continuously evolve the enterprise Technology Risk, Threat, and Control Library, mapped to NIST CSF 2.0, COBIT 2019, ISO 27001, MITRE ATT&CK, and applicable regulatory regimes.
- Establish a unified control taxonomy enabling control rationalization, framework crosswalks, and "test once, satisfy many" efficiencies across SOX, PCI DSS, SOC 1, SOC 2 and NYDFS.
AI Risk Management
- Demonstrated interest or working proficiency in "vibe coding" and AI-assisted development workflows using tools (e.g., Claude Code, Cursor and GitHub Copilot), sufficient to prototype control automations, evidence collectors, and governance tooling without dependence on engineering backlog.
- Hands-on familiarity with leading Large Language Models (LLMs), e.g., Anthropic Claude (Opus, Sonnet, Haiku); OpenAI GPT-4/5 and the o-series; Google Gemini; Meta Llama; and Mistral, with a practical understanding of model-selection trade-offs (reasoning depth, context window, cost, latency, data residency).
- Working knowledge of LLM application patterns (prompt engineering, retrieval-augmented generation (RAG), function/tool calling, agentic workflows, and the Model Context Protocol (MCP)), together with their risk, control, and governance implications.
- Familiarity with the AI/LLM risk landscape, including OWASP Top 10 for LLM Applications, NIST AI RMF, ISO/IEC 42001, MITRE ATLAS, and emerging regulatory expectations (EU AI Act, NYDFS AI guidance, state-level AI laws).
- Ability to govern AI responsibly while using it productively: leveraging LLMs to accelerate risk assessments, control narratives, policy drafting, audit evidence review, and Board reporting, while maintaining accuracy, confidentiality, and intellectual-property boundaries.
Committee & Board Reporting
- Develop and deliver executive