SVP, Information Security, Risk & Compliance

Remote Full-time
Position Summary

The Senior Vice President, Information Security, Risk & Compliance serves as the global enterprise authority for technology risk management, security governance, regulatory compliance, and internal audit across The Fedcap Group.

This role designs and governs the organization’s security and risk framework while leading internal audit functions related to information technology and control effectiveness. The SVP ensures that enterprise controls are well-designed, independently assessed, and continuously improved to support scalable growth, regulatory integrity, and acquisition readiness. It recognizes that governance is not merely regulatory compliance — it is a mechanism to protect the communities we serve, safeguard entrusted resources, and ensure sustainable impact.

Reporting to the CIO, this executive partners closely with Finance, Legal, Infrastructure, Systems, Data, and operating leadership to maintain strong enterprise assurance and risk discipline.

This is a remote position working East Coast hours.

Compensation: $180,000 to $230,000 plus performance bonus potential.

Mission

To establish and sustain an enterprise-grade security, risk, compliance, and internal assurance framework that protects the organization, strengthens accountability, reduces risk exposure, and supports sustainable growth as the enterprise scales.

Scope of Accountability

- Security framework selection and governance such as SOC 2 Type II, ISO 27001, HIPAA, NIST-aligned controls, GDPR, Essentials 8 and PIPEDA
- Enterprise IT risk management methodology and risk posture oversight
- Regulatory compliance alignment and audit interface
- Control design standards across infrastructure, systems, identity, and data
- Identity and access governance standards
- Data classification and information protection standards
- Security architecture standards
- AI governance standards
- Exception management and risk acceptance governance
- Ownership of enterprise IT internal audit planning and execution
- Oversight of control testing and independent assurance activities
- Privacy governance in coordination with Legal and Compliance
- Enterprise security reporting to executive leadership

Core Responsibilities

Enterprise Security & Risk Governance

- Design and maintain enterprise information security control frameworks.
- Define security policy architecture and cross-domain control requirements.
- Establish enterprise risk taxonomy and risk scoring methodology.
- Oversee risk register governance and risk reporting cadence.

Regulatory & Compliance Oversight

- Lead alignment with selected security frameworks.
- Serve as primary executive interface for external auditors and assessors.
- Ensure audit readiness and evidence governance discipline.
- Monitor regulatory changes and assess enterprise impact.
- Lead and manage the enterprise IT internal audit function.
- Develop and execute risk-based internal audit plans aligned to enterprise priorities.
- Conduct independent assessment of control effectiveness across infrastructure, systems, identity, data, and vendor governance.
- Oversee testing of key controls supporting internal audits and the implemented security and compliance frameworks.
- Present internal audit findings, risk assessments, and remediation status to executive leadership.
- Ensure timely and effective corrective action tracking.
- Strengthen enterprise control maturity through continuous assurance cycles.

Internal Audit & Assurance Leadership

Control Design & Assurance

- Define control design standards for identity & access management, data classification & retention, logging and monitoring standards, vendor risk management, etc.
- Oversee control testing and assurance coordination.
- Maintain separation between control design and control operation.

Enterprise Risk Advisory

- Provide risk advisory input for RFP technology commitments, M&A due diligence reviews, vendor governance and financial exposure, and AI and automation adoption.
- Present risk posture and mitigation strategy to executive leadership.

Vendor & Third-Party Risk

- Define vendor risk assessment standards.
- Establish due diligence criteria for security and privacy.
- Oversee security risk review of acquisition targets.

Governance Maturity Advancement

- Mature predictive risk dashboards.
- Mature advanced risk analytics.
- Align governance model with enterprise growth strategy.

Qualifications

Professional Experience

- 10+ years of progressive leadership in information security, risk management, and compliance
- Demonstrated experience leading SOC 2, ISO 27001, HIPAA, or equivalent frameworks
- Direct experience leading or managing internal audit or control assurance programs
- Experience designing enterprise control frameworks across distributed organizations
- Proven executive communication and board-facing experience
- Experience supporting acquisitions and regulatory diligence
- Relevant certifications preferred (CISSP, CISM, CRISC, CIA, ISO Lead Implementer, etc.)

Leadership Profile

The ideal candidate will:

- Operate with strong executive presence
- Balance risk rigor with business enablement
- Establish independence in assurance without disrupting operations
- Build credibility across technical and non-technical leaders
- Strengthen internal audit maturity alongside security governance
- Demonstrate a strong commitment to the organization’s mission and understand the role of governance in protecting vulnerable populations and stewarding public trust
- Lead with integrity, transparency, and service-oriented values

Success Metrics (First 12 Months)

- Successful completion of required external audits (SOC 2 / ISO / HIPAA as applicable) with no material control deficiencies.
- Enterprise IT internal audit program formally established and risk-based audit plan executed.
- Enterprise risk register implemented with quarterly executive reporting cadence.
- Identity, data classification, and core security governance standards formally adopted and operationalized.
- Security, risk, compliance, and internal audit team structure evaluated and strengthened, including clear role definition, performance expectations, and hiring to address critical capability gaps.

Company

Mission: We are committed to improving the economic and social well-being of the impoverished and disadvantaged.
For 85 years, The Fedcap Group has developed scalable, innovative and potentially disruptive solutions to some of society’s most pressing needs. The Fedcap Group is the parent company of a growing number of top-tier nonprofit agencies dedicated to serving over 300,000 children and adults each year across the United States and the United Kingdom. The Fedcap Group provides educational services to every age group, vocational training in high-growth labor industries, behavioral health services, work readiness skill-building and jobs—all targeted to helping people achieve long-term self-sufficiency.

The work of The Fedcap Group is structured within four major practice areas: Education, Workforce Development, Occupational Health and Economic Development, which are strategically aligned for maximum impact.

The Fedcap Group also invests its time and resources in broader systems change—working in partnership with federal, state and local government to improve the way services are designed, funded and delivered.


Website:
http://fedcapgroup.org/

