Director - Governance, Risk and Compliance

Posted 2 Days Ago
3 Locations
In-Office
185K-220K Annually
Expert/Leader
Aerospace • Big Data • Fintech • Software • Analytics
The Role
Lead a global Information Security GRC function, develop and execute GRC strategy, manage security policies and GRC platforms, mature third-party risk and customer trust programs, oversee audits and ITGCs, define KRIs/KPIs, drive remediation, report to executive leadership, and build a high-performing GRC team aligned with regulatory frameworks and business objectives.
Summary Generated by Built In

FactSet creates flexible, open data and software solutions for over 200,000 investment professionals worldwide, providing instant access to financial data and analytics that investors use to make crucial decisions.

At FactSet, our values are the foundation of everything we do. They express how we act and operate, serve as a compass in our decision-making, and play a big role in how we treat each other, our clients, and our communities. We believe that the best ideas can come from anyone, anywhere, at any time, and that curiosity is the key to anticipating our clients’ needs and exceeding their expectations.  

Locations: Norwalk, CT | New York City

Working Environment: Hybrid

Your Team’s Impact:

The Information Security team at FactSet drives cybersecurity governance, risk, and compliance activities across the Technology organization. The team is responsible for ensuring that technology systems, infrastructure, and projects are effectively designed, managed and optimized to meet security and regulatory requirements. This includes promoting cross-functional collaboration to identify and remediate cyber risks consistently and reporting KRIs and KPIs. 

We are seeking an experienced, proactive Cyber Risk Leader to serve as the Director of Governance, Risk, and Compliance. This critical role involves leading a global GRC team within the Information Security function, with responsibilities spanning strategic management of cyber risk, third-party risk, customer trust, and development of policies and standards. The successful candidate will collaborate with Technology, Compliance, Business, and Legal teams to update audit frameworks and assess cyber risks, partnering with internal and external auditors to support technology audits. In addition to providing strategic reports for senior management and guidance on regulatory alignment, the role demands input into technology decisions and crafting long-term strategic roadmaps. Reporting directly to the CISO, the ideal candidate will leverage deep technical knowledge, exceptional analytical skills, and strong collaborative abilities to drive measurable security outcomes and uphold FactSet’s commitment to industry-standard compliance.

What You’ll Do:

  • Develop and implement an Information Security GRC strategy, aligning with business objectives, risk tolerance, security frameworks, and regulatory requirements, providing both short-term and long-term roadmaps.
  • Manage the lifecycle of security policies, standards, and procedures to comply with regulations and industry standards, including SOX, SOC2, ISO 27001, and DORA.
  • Oversee the implementation and management of the Security GRC platform to enhance visibility into organizational risk and compliance, while providing actionable intelligence on vendor and customer-facing security posture.
  • Lead and mature the third-party risk management and customer trust processes, including onboarding, risk assessments, audits, security documentation, and remediation efforts.
  • Define and monitor key risk and compliance indicators (KRIs/KPIs), implementing continuous monitoring to ensure vendor performance, customer assurance, and policy adherence are in line with program effectiveness and accountability.
  • Coordinate and support comprehensive technology audits and collaborate with external auditors to meet audit requirements and timelines, managing assessments of IT general controls and maintaining the enterprise cyber risk register.
  • Foster a cyber-aware culture by implementing training programs, managing a Security Culture Framework, and building a high-performing GRC team through leadership, mentoring, and development.
  • Partner with IT, security, and compliance teams to provide insights and guidance on risk mitigation strategies, control enhancements, and findings remediation, while communicating audit findings and recommendations to senior management.
  • Prepare and present regular reports to the executive team on GRC posture and initiatives, leveraging automated audit tools and data analytics for improved audit efficiency and insights.

Qualifications: 

  • Bachelor’s degree in Information Technology, Computer Science, or a related field. Master’s degree is preferred.
  • 15+ years of experience in information security focusing on governance, risk and compliance domains. 
  • Strong knowledge of IT risk assessment, IT General Controls, NIST framework, and other compliance frameworks. 
  • Hands-on experience with third-party risk management programs, encompassing vendor assessments, contract clauses, remediation tracking, and customer trust initiatives.
  • In-depth understanding of application, endpoint, network, cloud and infrastructure security controls to validate control design and drive mitigation of identified gaps.
  • Expertise in deploying and managing GRC and automation platforms, and effectively translating risk data into executive dashboards and meaningful KRIs/KPIs.
  • Familiarity with AI tools and trends such as generative and agentic AI, with a willingness to creatively apply emerging technologies to address identified risks.
  • Strong leadership and interpersonal skills, with the ability to coach and grow the GRC team, set clear objectives, and foster collaboration across functions and levels.
  • Proven ability to partner with Legal, Procurement, Technology, Compliance, Product, and Engineering teams to integrate security policies and standards into business processes.
  • Professional certifications like Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) are strongly preferred.

The budgeted base salary for this position in the state of Connecticut and NYC is $185,000-220,000. US applicants must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

What’s In It For You:

  • The opportunity to join a growing firm with a proven track record of success for over 40 years, made up of thoughtful, innovative minds that value collaboration and welcome your new ideas to the table.
  • Mentorship and growth opportunities from senior employees.
  • Career progression planning and a focus on career development, complete with dedicated time each month for conference attendance, online learning seminars, and networking.
  • A robust social community dedicated to volunteerism, intramural sports, and team-building events.
  • Business resource groups that align with our company value of "Always Inclusive," designed to foster a welcoming and supportive environment for all.

Company Overview: 

FactSet (NYSE:FDS | NASDAQ:FDS) helps the financial community to see more, think bigger, and work better. Our digital platform and enterprise solutions deliver financial data, analytics, and open technology to more than 8,200 global clients, including over 200,000 individual users. Clients across the buy-side and sell-side, as well as wealth managers, private equity firms, and corporations, achieve more every day with our comprehensive and connected content, flexible next-generation workflow solutions, and client-centric specialized support. As a member of the S&P 500, we are committed to sustainable growth and have been recognized among the Best Places to Work in 2023 by Glassdoor as a Glassdoor Employees’ Choice Award winner. Learn more at www.factset.com and follow us on X and LinkedIn. 

At FactSet, we celebrate difference of thought, experience, and perspective. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, disability, protected veteran status or other characteristics protected by law. FactSet participates in E-Verify.

Skills Required

  • Bachelor's degree in Information Technology, Computer Science, or related field
  • 15+ years of experience in information security with focus on governance, risk and compliance
  • Strong knowledge of IT risk assessment, IT General Controls (ITGC), and NIST framework
  • Experience with compliance frameworks including SOX, SOC2, ISO 27001, and DORA
  • Hands-on experience managing third-party risk programs, vendor assessments, audits, and remediation tracking
  • In-depth understanding of application, endpoint, network, cloud and infrastructure security controls
  • Expertise deploying and managing GRC and automation platforms and translating risk data into executive dashboards and KRIs/KPIs
  • Experience leveraging automated audit tools and data analytics to support audits and reporting
  • Strong leadership, team building, mentoring, and cross-functional collaboration skills
  • Ability to partner with Legal, Procurement, Technology, Compliance, Product, and Engineering to integrate security into processes
  • Familiarity with AI tools and trends (e.g., generative and agentic AI) and willingness to apply them to risk management
  • Professional certifications such as CISA or CISSP
  • Must be legally authorized to work in the United States without employer sponsorship now or in the future

FactSet Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about FactSet and has not been reviewed or approved by FactSet.

  • Healthcare Strength: Healthcare coverage is positioned as comprehensive, spanning medical, dental/vision in some descriptions, and life and disability insurance. Company-wide wellness days and region-specific add-ons (e.g., Vitality PMI, Bupa dental, Health Shield cashback) further reinforce a strong health-and-wellbeing offering.
  • Retirement Support: Retirement savings support is consistently included as part of the core package through retirement savings plans. The presence of these programs is framed as a meaningful component of total rewards beyond base salary.
  • Equity Value & Accessibility: An employee stock purchase program is highlighted as a standard part of the total rewards package. This provides a pathway to share ownership alongside cash compensation.

The Company
HQ: Norwalk, CT
10,310 Employees
Year Founded: 1978

What We Do

FactSet creates flexible, open data and software solutions for tens of thousands of investment professionals around the world, providing instant access to financial data and analytics that investors use to make crucial decisions. For 40 years, through market changes and technological progress, our focus has always been to provide exceptional client service. From more than 60 offices in 23 countries, we’re all working together toward the goal of creating value for our clients, and we’re proud that 95% of asset managers who use FactSet continue to use FactSet, year after year. As big as we grow, as far as we reach, and as successful as we become, we stay connected to our clients and to each other.
