Position Details

Salary $180K – $230K USD / year

Type Full-Time

Experience executive

Exp. Years 10+ years

Education Not specified

Category Executive & General Management

About this role

Executive-level information security leader responsible for enterprise risk, governance, and compliance across a nonprofit organization, aligning security controls with regulatory requirements and acquisition readiness.

Key Responsibilities

Design and maintain enterprise information security control frameworks
Define policy architecture and cross-domain control requirements
Lead enterprise risk taxonomy and risk scoring
Oversee risk register governance and reporting
Lead and manage enterprise IT internal audit function
Develop and execute risk-based internal audit plans
Conduct independent assessment of control effectiveness
Present findings to executive leadership

Technical Overview

Leads the design of enterprise security control frameworks and policy architecture; oversees internal audit and assurance activities; governs AI, privacy, and vendor risk across distributed teams; interfaces with external auditors.

Ideal Candidate

The ideal candidate is an executive-level information security leader with a track record of building and maturing enterprise security and compliance programs (SOC 2 Type II, ISO 27001, HIPAA), leading internal audits, and guiding governance aligned to organizational growth and risk reduction.

Must-Have Skills

10+ years of leadership in information securityrisk managementand complianceExperience leading SOC 2ISO 27001HIPAA or equivalent frameworksDirect experience leading internal audit or control assurance programsExperience designing enterprise control frameworks across distributed organizations

Nice-to-Have Skills

CISSPCISMCRISCCIAISO Lead ImplementerAcquisitions and regulatory diligence

Required Skills

SOC 2 Type IIISO 27001HIPAANIST-aligned controlsGDPRPIPEDAinternal auditaudit readinessvendor governanceprivacy governanceAI governanceregulatory compliancesecurity governancecontrol testingrisk managementexecutive leadershipboard-facingdata protection

Hard Skills

SOC 2 Type IIISO 27001HIPAANIST-aligned controlsGDPRPIPEDAEssentials 8Data classificationIdentity and access governanceSecurity architecture standardsAI governanceControl testingAudit readinessRegulatory complianceVendor governancePrivacy governanceInternal audit

Soft Skills

Executive communicationBoard-facingLeadershipStrategic thinkingRelationship buildingStakeholder managementProblem solvingRisk-based decision making

Certifications

Preferred

CISSPCISMCRISCCIAISO Lead Implementer

Industry & Role

Industry Nonprofit

Job Function Owns enterprise security governance, risk, and compliance, including internal audit and external audits for the Fedcap Group

Role Subtype Executive & General Management

Keywords for Your Resume

SOC 2 Type IIISO 27001HIPAANISTGDPRPIPEDAinternal auditaudit readinessvendor governanceprivacy governanceAI governanceCISSPCISMCRISCCIAISO Lead ImplementerRegulatory complianceSecurity governanceExecutive leadershipBoard-facing

Deal Breakers

Lack of 10+ years in information security/risk/compliance, Inability to lead external audits or internal audits, No experience with SOC 2 Type II or ISO 27001

Apply for this Position →

Get matched to jobs like this

Luna finds roles that fit your skills and career goals — no endless scrolling required.

Create a Free Profile

SVP, Information Security, Risk & Compliance

Get matched to jobs like this