
Title:  IT Governance Principal - Remote

Job ID:  3298


Category:  Information Technology

Donnelley Financial Solutions (DFIN) is a leader in risk and compliance solutions, providing insightful technology, industry expertise and data insights to clients across the globe. We’re here to help you make smarter decisions with insightful technology, industry expertise and data insights at every stage of your business and investment lifecycles. As markets fluctuate, regulations evolve and technology advances, we’re there. And through it all, we deliver confidence with the right solutions in moments that matter. 



The IT Governance Principal/Lead position is an individual contributor role responsible for the implementation and operation of IT Governance, Risk, and Compliance (GRC) activities for the Enterprise. The IT Governance Principal will help further and maintain IT Governance, leveraging the organization's security standards and applicable compliance regulations, and IT Compliance with applicable IT standards, laws, and regulations. This individual will have a strong understanding of the SSAE 18 AICPA reporting standards, and an understanding of supported compliance frameworks such as SOC1, SOC2 (Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles), NIST, HITRUST, HIPAA, and GDPR. This position reports directly to the Director of GRC. The candidate should have a strong sense of ownership and be able to work autonomously.



Candidate will be directly responsible for leading (and/or supporting):

  • Annual IT audit programs including SSAE-18 SOC2, SOX 404, ISO certification(s), and HiTrust initiatives.
  • Integrating GRC requirements into broader technology governance processes (e.g., cybersecurity, operational readiness, SDLC, enterprise architecture, ITIL processes, client security, supply chain security), ensuring IT Governance and Compliance practices are operating across all facets of the enterprise.
  • Elevating the cyber risk-management function, including the risk register and risk lifecycle processes (i.e., identification, assessment, remediation, exception/acceptance).
  • Supporting Control Framework(s), including the IT/Security control assessment program (CSA/SCA), which includes testing key controls such as patch management, backup processes, vulnerability management, cybersecurity, and network-related controls.
  • Interpreting regulations affecting control standards and suggesting methods of updating policies and practices that address any risk concerns, so as to maintain IT and regulatory compliance.
  • Identifying, defining and updating security standards and policies for servers, endpoints, network infrastructure, and cloud environments, with supporting audit and reporting processes.
  • Planning remediations with the proper stakeholders.
  • Liaising with application engineering, IT operations, IT Infrastructure, IT security, HR, Marketing, and business teams to provide accurate and timely responses to internal and external audit requests and related activities.
  • Providing timely and accurate status and metrics.
  • Advocating for all business areas while accounting for and balancing risk.

Administrative Expectations

Demonstrated leader with team-oriented interpersonal skills; ability to effectively interface with a broad range of team members and roles.

Ability to work independently with or without direction and/or supervision.

Ability to prioritize workload and multitask. Flexibility and adaptability in work approach.

Ability to work directly with internal and external audit partners.

Calm, clear, diligent and process-oriented; works well under pressure and has the ability to maintain confidentiality.

Strong written and verbal communication skills and attention to detail.



  • Subject matter expertise in the IT Governance, Risk, and Compliance (GRC) discipline.
  • Knowledgeable in IT Service Delivery, ITIL, and Project Management.
  • Deep understanding of cybersecurity concepts, including tools/technology.
  • Proven experience in SSAE18 SOC, SOX, or HiTrust audits for medium to large enterprises.
  • Knowledgeable in risk frameworks and ISO27001.
  • Working knowledge and experience with MS Office products, including Word, Excel, PowerPoint, Visio, and SharePoint.
  • Expert in writing/updating documentation, including standards, policies, and procedures.
  • Technical proficiency in UNIX, DNS, Windows Server, Internet routing, TCP/IP protocols, network technologies, Active Directory, and other foundational technology concepts.
  • Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and cyber-attack techniques.
  • Ability to relate business requirements and risks to technology implementation for security-related issues.

Previous Work Experience

  • 8 or more years working in IT GRC.
  • 8 or more years of Information Technology-related work experience.
  • 5 years of Identity Governance and Administration (IGA) or Access Management experience.
  • 5 or more years of experience in SOC/SOX-related audits.
  • 5 or more years of experience with Risk/Control Risk frameworks (NIST CSF, ISO, COBIT).
  • 5 or more years of experience with Vulnerability Management.
  • 3 years of experience with Cloud Governance, cloud applications, and infrastructure.
  • Experience working in the Financial Services Industry and/or Fintech.
  • Experience leading projects and service delivery initiatives.
  • Internal/external customer-facing experience.

It is the policy of Donnelley Financial Solutions to select, place and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran's status, actual or perceived sexual orientation, genetic information or any other protected status. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access as a result of your disability. You can request a reasonable accommodation by sending an email to #BI-Remote
