Department Leader - IS Governance, Risk, and Compliance

Innovate here. And see your ideas come to life.

It's an exciting time to work in tech at Edward Jones. We are making massive investments in emerging technologies to improve how we work with our clients and with each other. Relationships are the focus of our business model. And working in Technology here means using your skills to build, deliver and maintain the technologies that enable us to deepen and support those relationships. The best part? We develop and create our own industry-leading solutions internally. And you can be a part of it. Working with emerging new technologies. Creating platforms, programs and experiences that change how we work together - and support our client-first focus. Changing the future of our firm, the industry and the advisor-client relationship.

Job Overview

Position Schedule: Full-Time

This job posting is anticipated to remain open for 30 days, from 01-Oct-2025. The posting may close early due to the volume of applicants.

Team Overview:

As the Cyber Security Department Leader for Governance, Risk, and Compliance (GRC) Practice Management, you are a key member of the Information Security Leadership Team, responsible for driving governance, risk oversight, and regulatory compliance across Cybersecurity, Technology, and Data risk domains. You will collaborate with leaders to align risk management with the organization's security strategy. In this role, you will set the strategic direction and define the approach for Digital Risk Management in alignment with Enterprise Risk Management. This includes establishing frameworks for identifying, assessing, and mitigating risks, and guiding the adoption of industry standards (e.g., NIST CSF, CRI Profile, COBIT). You will shape processes such as exception management, control evaluation, executive risk reporting, and other risk governance activities; and ensure alignment with enterprise objectives and compliance requirements. You will also outline approaches for audits, compliance reviews, and regulatory inquiries while driving continuous improvement while fostering a productive environment for Associates.

What You'll Do:

• Set the strategic direction for Digital Risk Management practices in partnership with the Director, ensuring alignment with Enterprise Risk Management and organizational objectives.
• Oversee governance processes, including policy management, Key Risk Indicators (KRIs), exception management, control evaluation, risk appetite, and executive risk reporting.
• Establish approach to maintaining accuracy of process inventory, control mapping, and effectiveness testing ensuring complete effectiveness and coverage.
• Oversee and manage IT General Control (ITGC) completeness, effectiveness, and support of external audit reviews.
• Ensure controls are tied to regulatory requirements, including SOX, NYDFS, SEC, RegSID, Canada Regulation, EJ Bank Regulators, and other applicable frameworks.
• Directly interface with regulators and oversee associated document tracking, requests, and meetings.
• Shape the risk assessment approach, ensuring comprehensive evaluation and mitigation of risks across Cybersecurity, Technology, and Data domains.
• Collaborate with Enterprise Risk Management, Internal Audit, and other 1st line risk teams to ensure alignment and consistency in risk management practices.
• Ensure ongoing compliance with regulatory requirements by leveraging technology-driven mapping exercises, continuous monitoring of regulatory updates, and engaging in industry peer networking.
• Execute on a workforce management strategy that includes identifying, training, and retaining top talent by providing leadership, development, mentoring, and growth strategies in support of successfully achieving objectives. Provide leadership, development, and mentoring to Team Leaders, and Individual Contributors through examples and timely feedback.
• Accountable for understanding and making prudent decisions related to financials and budgetary considerations for all resources and vendor engagements associated with the organization.

Edward Jones' compensation and benefits package includes medical and prescription drug, dental, vision, voluntary benefits (such as accident, hospital indemnity, and critical illness), short- and long-term disability, basic life, and basic AD&D coverage. Short- and long-term disability, basic life, and basic AD&D coverage are provided at no cost to associates. Edward Jones offers a 401k retirement plan, and tax-advantaged accounts: health savings account, and flexible spending account. Edward Jones observes ten paid holidays and provides 15 days of vacation for new associates beginning on January 1 of each year, as well as sick time, personal days, and a paid day for volunteerism. Associates may be eligible for bonuses and profit sharing. All associates are eligible for the firm's Employee Assistance Program. For more information on the Benefits available to Edward Jones associates, please visit our benefits page.

Hiring Minimum: $140400
Hiring Maximum: $239100

Read More About Job Overview

Skills/Requirements

What Experience You'll Need:

• 10+ years relevant cyber, technology, and / or data risk experience in progressive roles
• 5+ years of leadership preferred
• Be available for on-call work and/or work scheduled outside normal business hours as needed
• Be able to support highly confidential security investigations that require making critical decisions in extremely high-pressure situations that can have significant impact to the Firm (cost, inability to continue business operations, regulatory impacts and fins, and damage to EDJ brand and clients)

• Experience in leading a large team of individual contributors or team of leaders. Including demonstratable experience in: defining strategic initiatives, tracking execution of strategic initiatives against clearly defined metrics, basic budget management, resource management, talent development and coaching, and strong employee engagement.
• In-depth knowledge around leading a security or risk organization (preferably in a regulated industry such as financial). Including: Exceptional, concise, executive-level verbal and written communication, compliance and regulatory adherence, audit and regulatory exam support, continual understanding of the cyber threat landscape, cyber risk management, cyber governance, cyber risk/control/maturity frameworks, cyber technology landscape, and vendor relationship management.
• Subject matter expertise in at least one security domain or two sub-domains. Including: Cyber Governance, Risk and Compliance; Threat and Vulnerability Management; Identity and Access Management; Security Engineering and Operations; Security Architecture; Application Security; Cyber Resilience and Recovery; or Insider Risk.
• Functional understanding of core enterprise technology platforms and best practices. Including: infrastructure, software, data, cloud, engineering, architecture, digital transformation, change management, crisis management, business continuity, and disaster recovery.

What Could Set You Apart:

• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• SANS Global Information Assurance Certifications (GSLC, GSTRT, GCFA, GCLD, GDSA, etc)

Current INTERNAL home-based associates: While this role is posted as hybrid, if selected and accepted, you may retain your home-based status. Edward Jones intends in good faith to continue offering the role as home-based, though future business or regulatory needs may require on-site work.

**Candidates that live within in a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office three days per week, with preference for Tuesday through Thursday.**

Read More About Skills/Requirements

Awards & Accolades

At Edward Jones, we are building a place where everyone feels like they belong. We're proud of our associates' contributions to the firm and the recognitions we have received.

Check out our U.S. awards and accolades: Insights & Information Blog Postings about Edward Jones

Check out our Canadian awards and accolades: Insights & Information Blog Postings about Edward Jones

Read More About Awards & Accolades

About Us

Join a financial services firm where your contributions are valued. Edward Jones is a Fortune 500¹ company where people come first. With over 9 million clients and 20,000 financial advisors across the U.S. and Canada, we're proud to be privately-owned, placing the focus on our clients rather than shareholder returns.

Behind everything we do is our purpose: We partner for positive impact to improve the lives of our clients and colleagues, and together, better our communities and society. We are an innovative, flexible, and inclusive organization that attracts, develops, and inspires performance excellence and a sense of belonging.

People are at the center of our partnership. Edward Jones associates are seen, heard, respected, and supported. This is what we believe makes us the best place to start or build your career.

View our Purpose, Inclusion and Citizenship Report.

¹Fortune 500, published June 2024, data as of December 2023. Compensation provided for using, not obtaining, the rating.

Edward Jones does not discriminate on the basis of race, color, gender, religion, national origin, age, disability, sexual orientation, pregnancy, veteran status, genetic information or any other basis prohibited by applicable law.

#LI-HO