SVP, Information Security, Risk & Compliance

Position SummaryThe Senior Vice President, Information Security, Risk & Compliance serves as the global enterprise authority for technology risk management, security governance, regulatory compliance, and internal audit across The Fedcap Group.This role designs and governs the organization’s security and risk framework while leading internal audit functions related to information technology and control effectiveness. The SVP ensures that enterprise controls are well-designed, independently assessed, and continuously improved to support scalable growth, regulatory integrity, and acquisition readiness. It recognizes that governance is not merely regulatory compliance — it is a mechanism to protect the communities we serve, safeguard entrusted resources, and ensure sustainable impact.Reporting to the CIO, this executive partners closely with Finance, Legal, Infrastructure, Systems, Data, and operating leadership to maintain strong enterprise assurance and risk discipline.This is a remote position working east coast hours.Compensation $180,000 to $230,000 plus Performance bonus potential.MissionTo establish and sustain an enterprise-grade security, risk, compliance, and internal assurance framework that protects the organization, strengthens accountability, reduces risk exposure, and supports sustainable growth as the enterprise scales.Scope of AccountabilitySecurity framework selection and governance such as SOC 2 Type II, ISO 27001, HIPAA, NIST-aligned controls, GDPR, Essentials 8 and PIPEDAEnterprise IT risk management methodology and risk posture oversightRegulatory compliance alignment and audit interfaceControl design standards across infrastructure, systems, identity, and dataIdentity and access governance standardsData classification and information protection standardsSecurity architecture standardsAI governance standardsException management and risk acceptance governanceOwnership of enterprise IT internal audit planning and executionOversight of control testing and independent assurance activitiesPrivacy governance in coordination with Legal and ComplianceEnterprise security reporting to executive leadershipCore ResponsibilitiesEnterprise Security & Risk GovernanceDesign and maintain enterprise information security control frameworks.Define security policy architecture and cross-domain control requirements.Establish enterprise risk taxonomy and risk scoring methodology.Oversee risk register governance and risk reporting cadence.Regulatory & Compliance OversightLead alignment with selected security frameworks.Serve as primary executive interface for external auditors and assessors.Ensure audit readiness and evidence governance discipline.Monitor regulatory changes and assess enterprise impact.Lead and manage the enterprise IT internal audit function.Develop and execute risk-based internal audit plans aligned to enterprise priorities.Conduct independent assessment of control effectiveness across infrastructure, systems, identity, data, and vendor governance.Oversee testing of key controls supporting internal audits and the implemented security and compliance frameworks.Present internal audit findings, risk assessments, and remediation status to executive leadership.Ensure timely and effective corrective action tracking.Strengthen enterprise control maturity through continuous assurance cycles.Internal Audit & Assurance LeadershipControl Design & AssuranceDefine control design standards for Identity & access management, Data classification & retention, Logging and monitoring standards, Vendor risk management, etc.Oversee control testing and assurance coordination.Maintain separation between control design and control operation.Enterprise Risk AdvisoryProvide risk advisory input for RFP technology commitments, M&A due diligence reviews, Vendor governance and financial exposure, AI and automation adoptionPresent risk posture and mitigation strategy to executive leadership.Vendor & Third-Party RiskDefine vendor risk assessment standards.Establish due diligence criteria for security and privacy.Oversee security risk review of acquisition targets.Governance Maturity AdvancementMature predictive risk dashboards.Mature advanced risk analytics.Align governance model with enterprise growth strategy.QualificationsProfessional Experience10+ years of progressive leadership in information security, risk management, and complianceDemonstrated experience leading SOC 2, ISO 27001, HIPAA, or equivalent frameworksDirect experience leading or managing internal audit or control assurance programsExperience designing enterprise control frameworks across distributed organizationsProven executive communication and board-facing experienceExperience supporting acquisitions and regulatory diligenceRelevant certifications preferred (CISSP, CISM, CRISC, CIA, ISO Lead Implementer, etc.)Leadership ProfileThe ideal candidate will:Operate with strong executive presenceBalance risk rigor with business enablementEstablish independence in