Director - Governance, Risk and Compliance

FactSet creates flexible, open data and software solutions for over 200,000 investment professionals worldwide, providing instant access

to financial data and analytics that investors use to make crucial decisions.


At FactSet, our values are the foundation of everything we do. They express how we act and operate, serve as a compass in our decision-making, and play a big role in how we treat each other, our clients, and our communities. We believe that the best ideas can come from anyone, anywhere, at any time, and that curiosity is the key to anticipating our clients' needs and exceeding their expectations.


Locations: Norwalk, CT | New York City

Working Environment: Hybrid

Your Team's Impact:

The Information Security team at FactSet drives cybersecurity governance, risk, and compliance activities across the Technology organization. The team is responsible for ensuring that technology systems, infrastructure, and projects are effectively designed, managed and optimized to meet security and regulatory requirements. This includes promoting cross-functional collaboration to identify and remediate cyber risks consistently and reporting KRIs and KPIs.


We are seeking an experienced, proactive Cyber Risk Leader to serve as the Director of Governance, Risk, and Compliance. This critical role involves leading a global GRC team within the Information Security function, with responsibilities spanning strategic management of cyber risk, third-party risk, customer trust, and development of policies and standards. The successful candidate will collaborate with Technology, Compliance, Business, and Legal teams to update audit frameworks and assess cyber risks, partnering with internal and external auditors to support technology audits. In addition to providing strategic reports for senior management and guidance on regulatory alignment, the role demands input into technology decisions and crafting long-term strategic roadmaps. Reporting directly to the CISO, the ideal candidate will leverage deep technical knowledge, exceptional analytical skills, and strong collaborative abilities to drive measurable security outcomes and uphold FactSet's commitment to industry-standard compliance.

What You'll Do:

• Develop and implement an Information Security GRC strategy, aligning with business objectives, risk tolerance, security frameworks, and regulatory requirements, providing both short-term and long-term roadmaps.
• Manage the lifecycle of security policies, standards, and procedures to comply with regulations and industry standards, including SOX, SOC2, ISO 27001, and DORA.
• Oversee the implementation and management of the Security GRC platform to enhance visibility into organizational risk and compliance, while providing actionable intelligence on vendor and customer-facing security posture.
• Lead and mature the third-party risk management and customer trust processes, including onboarding, risk assessments, audits, security documentation, and remediation efforts.
• Define and monitor key risk and compliance indicators (KRIs/KPIs), implementing continuous monitoring to ensure vendor performance, customer assurance, and policy adherence are in line with program effectiveness and accountability.
• Coordinate and support comprehensive technology audits and collaborate with external auditors to meet audit requirements and timelines, managing assessments of IT general controls and maintaining the enterprise cyber risk register.
• Foster a cyber-aware culture by implementing training programs, managing a Security Culture Framework, and building a high-performing GRC team through leadership, mentoring, and development.
• Partner with IT, security, and compliance teams to provide insights and guidance on risk mitigation strategies, control enhancements, and findings remediation, while communicating audit findings and recommendations to senior management.
• Prepare and present regular reports to the executive team on GRC posture and initiatives, leveraging automated audit tools and data analytics for improved audit efficiency and insights.

Qualifications:

• Bachelor's degree in information technology, Computer Science, or a related field. Master's degree is preferred.
• 15+ years of experience in information security focusing on governance, risk and compliance domains.
• Strong knowledge of IT risk assessment, IT General Controls, NIST framework, and other compliance frameworks.
• Hands-on experience with third-party risk management programs, encompassing vendor assessments, contract clauses, remediation tracking, and customer trust initiatives.
• In-depth understanding of application, endpoint, network, cloud and infrastructure security controls to validate control design and drive mitigation of identified gaps.
• Expertise in deploying and managing GRC and automation platforms, and effectively translating risk data into executive dashboards and meaningful KRIs/KPIs.
• Familiarity with AI tools and trends such as generative and agentic AI, with a willingness to creatively apply emerging technologies to address identified risks.
• Strong leadership and interpersonal skills, with the ability to coach and grow the GRC team, set clear objectives, and foster collaboration across functions and levels.
• Proven ability to partner with Legal, Procurement, Technology, Compliance, Product, and Engineering teams to integrate security policies and standards into business processes.
• Professional certifications like Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) are strongly preferred.

The budgeted base salary for this position in the state of Connecticut and NYC is $185,000-220,000 US applicants must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

What's In It For You:

• The opportunity to join a growing firm with a proven track record of success for over 40 years, made up of thoughtful, innovative minds that value collaboration and welcome your new ideas to the table.
• Mentorship and growth opportunities from senior employees.
• Career progression planning and a focus on career development, complete with dedicated time each month for conference attendance, online learning seminars, and networking.
• A robust social community dedicated to volunteerism, intramural sports, and team-building events.
• Business resource groups that align with our company value of "Always Inclusive," designed to foster a welcoming and supportive environment for all.

Learn more about our benefits here.

Company Overview:


FactSet (NYSE:FDS | NASDAQ:FDS) helps the financial community to see more, think bigger, and work better. Our digital platform and enterprise solutions deliver financial data, analytics, and open technology to more than 8,200 global clients, including over 200,000 individual users. Clients across the buy-side and sell-side, as well as wealth managers, private equity firms, and corporations, achieve more every day with our comprehensive and connected content, flexible next-generation workflow solutions, and client-centric specialized support. As a member of the S&P 500, we are committed to sustainable growth and have been recognized among the Best Places to Work in 2023 by Glassdoor as a Glassdoor Employees' Choice Award winner. Learn more at and follow us on X and LinkedIn.


At FactSet, we celebrate difference of thought, experience, and perspective. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, disability, protected veteran status or other characteristics protected by law. FactSet participates in E-Verify