Director of Governance, Risk and Compliance

Governance, Risk and Compliance | Long Beach, United States

Description

Laserfiche is hiring a Director of Governance, Risk & Compliance (GRC) to lead enterprise-wide governance, risk and compliance programs at Laserfiche. This hands-on role will be responsible for ensuring the organization operates in alignment with regulatory compliance requirements, industry standards and internal policies, while enabling business agility and operational excellence. The ideal candidate has deep experience in cyber and physical security, IT risk management, business resiliency, AWS services and data privacy—along with hands-on involvement with implementing controls, standards and frameworks such as ISO 27001, NIST 800-53, FedRAMP/GovRAMP and SOC 2 controls (AICPA Trust Services Criteria).
 
Location:
  • Hybrid: Three days per week (Tuesday, Wednesday and Thursday) in-office in Long Beach, CA
  • Remote work from home on Mondays and Fridays
 
 
About the Role - Key Responsibilities:         
 
Governance and Risk Management
  • Develop and lead the enterprise Governance, Risk and Compliance (GRC) program to ensure effective alignment between business objectives, risk management and regulatory compliance requirements.
  • Provide hands-on leadership for AI and security governance, cybersecurity controls (SOC 2, ISO 27001, GovRAMP/FedRAMP, CMMC, NIST 800-53, CJIS, PCI), data privacy and regulatory compliance (EU AI Act, GDPR, CCPA, PIPEDA, HIPAA).
  • Partner with technology and business leaders to assess AI, technology and security risks, and ensure appropriate controls are designed, implemented, tested and operating effectively.
  • Collaborate with ITS, Development and other departments to lead IT, security and business resiliency policy creation, maintenance, communication, training and enforcement across the enterprise.
  • Safeguard Laserfiche information in accordance with Laserfiche Information Security Policies.
 
Compliance & Controls Oversight and Monitoring
  • Own and lead compliance and certification programs (SOC 2, ISO 27001, ISO 42001, ISO 9001, GovRAMP/FedRAMP, CCMC) that are aligned to industry standards and regulatory frameworks.
  • Manage and conduct internal audits, risk assessments, third-party and vendor risk management assessments.
  • Coordinate control self-assessments, remediation and risk treatment plans.
  • Manage and update control matrices and risk registers; ensure controls are mapped to relevant frameworks and operating effectively.
  • Manage continuous controls monitoring and risk reporting provided to external and internal stakeholders.
 
Data Privacy
  • Partner with Legal, ITS, Development, People and other organizations to operationalize privacy requirements.
  • Oversee and perform data mapping and data inventory activities, ensuring accurate organizational understanding of data flows, risks and controls.
  • Collaborate with Legal and other departments on performing DPIA/PIAs and other compliance initiatives.
 
Business Resiliency and Disaster Recovery (DR)
  • Lead the business continuity management program, including performing an annual business impact analysis (BIA), developing, testing and updating BCPs, and providing organizational training in collaboration with L&D. 
  • Coordinate with ITS on DR planning and testing, and working with executive stakeholders on updating and testing crisis management plans (CMP). 
 
Customer Sales Enablement and Product Development
  • Collaborate with Sales, ITS, Development and Legal on sales enablement initiatives including responding to RFPs and customer questionnaires on security controls, data privacy, AI, BCM, DR and CMP. 
  • Serve as a subject matter expert on internal controls and security, and collaborate with Product Strategy, Development and ITS on product enhancements, features and security capabilities.
  • Monitor Laserfiche security controls and compliance with customer contractual requirements. 
About You - Essential Qualifications:
  • Bachelor’s degree in management information systems, IT audit, cybersecurity or related degree program is required 
  • Minimum of 7+ years of experience in information security, IT risk management, compliance, or related GRC disciplines.
  • Certification is required in a relevant area (e.g., CISA, CRISC, CISM).
  • Demonstrated leadership experience building or scaling enterprise GRC programs.
  • Experience with industry regulations (e.g., HIPAA, GDPR, CCPA), GovRAMP/FedRAMP, NIST standards (NIST 800-53), ISO 27001 certifications, SOC 2 reporting and security assessments, and leading frameworks such as AICPA Trust Services Criteria.
  • Strong understanding of privacy regulations and experience with operational privacy work (data mapping and flow diagramming, DPIAs, data governance).
  • Strong technical skills in cybersecurity, controls and AWS security audits; Big Four experience a plus.
  • Excellent communication, presentation and negotiation skills, with the ability to influence internal and external stakeholders and write policies and controls documentation.
  • Exceptional organizational and program management skills with a keen attention to detail.
  • Ability to thrive in a fast-paced environment with competing priorities and deadlines.
  • Ability to manage complex, cross-functional projects with internal and external stakeholders.

 

The salary range varies, and pay is based on several factors including but not limited to education, certifications (if applicable), candidate’s geographic region, job-related knowledge, skills and years of experience amongst other factors. 
  • $180,000 - $230,000 per year
 
Perks & Benefits at a Glance                                  
  • Generous time off:
    • 15 Days of Vacation
    • 3 Floating Holidays
    • 2 Paid Volunteer Days
    • 9 Paid Holidays
  • Hybrid Work Environment
  • Free Parking: covered and EV charging stations
  • Various 401 (k) Investment Options and Generous Company Match
  • HMO and PPO Medical Care Options 
 
Applicants must be authorized to work for Laserfiche in the United States on a full-time basis without the need for employer sponsorship. We are unable to sponsor new employment visas, or take over sponsorship of existing employment visas, at this time.

About Us
Laserfiche is a global leader in intelligent document management and business process automation, dedicated to helping organizations drive digital transformation. Headquartered in Long Beach, California, Laserfiche empowers businesses of all sizes—from dynamic startups to Fortune 500 enterprises—to accelerate productivity, improve collaboration, and deliver exceptional customer experiences.

Through scalable workflows, customizable digital forms, and AI-powered automation, the Laserfiche platform enables teams to simplify complex processes and operate with greater efficiency. Our no-code solutions empower employees to innovate, adapt quickly, and make data-driven decisions that move their organizations forward.
 
 
With a strong global presence and offices across North America, Europe, and Asia, Laserfiche is recognized for its commitment to innovation, quality, and customer success. Our people-first culture fosters professional growth, continuous learning, and collaboration—making Laserfiche a place where talented individuals can shape the future of digital enterprise technology.

Learn more about our team here
 

Laserfiche complies with all Equal Opportunity and Affirmative Action regulations. Laserfiche makes all employment decisions – such as recruiting, hiring, training, promotion, compensation, professional development practices, discipline and termination – without regard to race, religion, color, national origin, ancestry, citizenship, sex, pregnancy, age, creed, physical or mental disability, medical condition, genetic characteristic, marital status, veteran status, gender identity/expression, sexual orientation or any other characteristic protected by law, except as may be permitted by law.                                                       
Laserfiche provides reasonable accommodations for applicants with disabilities upon request. For more information, please contact Talent Acquisition at https://www.laserfiche.com/contact/ or 562-988-1688. 
 
Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, and the Los Angeles Fair Chance Initiative for Hiring Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, meet client expectations, standards, and accompanying requirements, and safeguard business operations and company reputation. 
 
#LI-Hybrid