Barracuda Networks is hiring a Director, Global Governance, Compliance and Risk

Responsibilities

• Lead the development and ongoing enhancement of the governance and policy management structure, ensuring policies reflect current standards and are effectively implemented across the organization.
• Direct the enterprise risk management initiative, covering risk discovery, evaluation, reporting, and monitoring of corrective actions.
• Oversee all phases of internal and external audits, including compliance with SOC 2, ISO 27001, PCI-DSS, and client-led reviews.
• Sustain and evolve the information security control framework, verifying correct design, deployment, and continuous validation.
• Collaborate with multidisciplinary teams to establish, manage, and supervise compliance initiatives throughout the business.
• Create governance reports for senior executives, clearly conveying the maturity of programs, risk exposure, and compliance standing.
• Advance GRC processes through automation and improved tooling to boost operational efficiency and effectiveness.
• Lead and coordinate GRC efforts to meet and maintain adherence to regulatory standards and certifications such as ENS, Lince, the CRA Cybersecurity Resiliency Act, and the EU AI Act, ensuring full and lasting compliance.

Benefits

• Equity through non-qualifying stock options
• Comprehensive health insurance coverage
• Employer-matched retirement savings plan
• Opportunities for professional advancement
• Flexible and paid time off policies
• Programs supporting employee volunteerism

Compensation

Equity, in the form of non-qualifying options

Responsibilities

• Own and continuously mature the organization’s governance and policy management framework, ensuring policies are current, aligned with best practices, and effectively adopted.
• Lead the enterprise risk management program, including risk identification, assessment, reporting, and tracking of remediation activities.
• Manage and oversee external and internal audits end‑to‑end, including SOC 2, ISO 27001, PCI-DSS, and customer assessments.
• Maintain and advance the company’s information security control framework, ensuring proper design, implementation, and ongoing assurance activities.
• Partner with cross‑functional teams to build, maintain, and monitor compliance programs across the business.
• Develop governance reporting for executive leadership, articulating program maturity, risk posture, and compliance status.
• Drive continuous improvement in GRC processes, automation, and tooling to increase efficiency and effectiveness.
• Oversee and direct the organization's GRC initiatives to achieve and maintain compliance with relevant regulations and certifications, including ENS, Lince, the CRA Cybersecurity Resiliency Act, and the EU AI Act, ensuring that all requirements are fully satisfied and sustained.

Benefits

• Equity, in the form of non-qualifying options
• High-quality health benefits
• Retirement Plan with employer match
• Career-growth opportunities
• Flexible Time Off and Paid Time Off benefits
• Volunteer opportunities