University of Delaware
Director GRC & Security Architecture

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Pay Grade: 33S
Context of Job:
The Director of GRC and Security Architecture is a senior leadership role responsible for governing the organization’s information security risk, compliance, and architectural security posture. This role provides enterprise-wide leadership across governance, risk management, regulatory compliance (including HIPAA), and security architecture to ensure security controls are designed, implemented, and operating effectively in support of business, academic, and clinical objectives.
Serving as the designated HIPAA Security Officer, this role partners closely with Legal, Privacy, Compliance, IT, Cloud, Application, and Security Operations teams to ensure regulatory readiness, risk-informed decision-making, and secure-by-design technology architecture across on-premises, cloud, and SaaS environments.
This position reports to the Chief Information Security Officer of the University.
Major Responsibilities:
Governance, Risk & Compliance (GRC)
- Lead the enterprise Information Security Governance, Risk, and Compliance (GRC) program.
- Establish and maintain security policies, standards, procedures, and control frameworks aligned with NIST, HITRUST, ISO 27001, and other applicable frameworks.
- Oversee enterprise risk assessments, third-party risk management, and control effectiveness evaluations.
- Translate regulatory, legal, and contractual requirements into actionable security controls and architectural standards.
- Ensure ongoing compliance with applicable regulations and standards, including HIPAA, PCI DSS, FERPA, SOC 2, and FIPS-140, as applicable
HIPAA Security Officer Responsibilities
- Serve as the organization’s designated HIPAA Security Officer.
- Oversee administrative, technical, and physical safeguards required under the HIPAA Security Rule.
- Partner with Privacy, Legal, Compliance, and Health IT leadership on risk analyses, remediation plans, and regulatory inquiries.
- Support audits, investigations, and compliance reviews related to protected health information (PHI).
- Ensure appropriate security awareness and HIPAA training programs are developed and delivered across the organization. Security Architecture & Secure Design
- Own and lead the security architecture function, defining enterprise security architecture principles, reference architectures, and design standards.
- Review and approve security architecture for new systems, applications, cloud services, and major technology initiatives.
- Ensure security is embedded early in system lifecycle activities through secure-by-design and defense-in-depth principles.
- Partner with infrastructure, cloud, application, and DevOps teams to integrate security requirements into platforms and solutions.
- Guide architectural decisions related to identity, network segmentation, encryption, key management, logging, and data protection.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Strategic Planning & Program Leadership
- Contribute to and lead multi-year security strategy and roadmap development in alignment with organizational objectives.
- Actively participate in enterprise security and risk governance forums, advising executive leadership on risk posture and architectural trade-offs.
- Balance risk reduction with operational efficiency, usability, and institutional mission requirements.
- Serve as a trusted advisor to schools, departments, and business units on risk and architectural security decisions.
Oversight of Security Technologies & Controls
- Provide governance and oversight for security technologies supporting risk management, compliance, and architectural controls.
- Ensure alignment between security architecture standards and operational security tooling.
- Evaluate new security technologies and frameworks to address evolving regulatory and threat landscapes.
Metrics, Reporting & Communication
- Develop and report meaningful risk and compliance metrics to senior leadership and governance committees.
- Communicate complex security and compliance topics clearly to technical and non-technical stakeholders.
- Provide executive-level reporting on risk trends, compliance posture, and architectural maturity.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Leadership & Talent Development
- Lead and develop GRC and security architecture professionals.
- Establish clear role definitions, performance expectations, and professional development pathways.
- Foster a culture of accountability, continuous improvement, and collaboration across security and IT teams.
Budget, Vendor & Resource Management
- Manage budgets associated with GRC, compliance, and security architecture programs.
- Oversee vendor relationships related to risk management, compliance tooling, and architectural services.
- Ensure responsible financial stewardship and alignment with strategic priorities.
Qualifications:
- Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field (Master’s preferred).
- Seven years of progressive experience in information security, risk management, or IT, including leadership roles.
- Demonstrated experience leading GRC programs, regulatory compliance efforts, and enterprise risk management.
- Strong knowledge of HIPAA Security Rule, PCI DSS, and related regulatory frameworks.
- Proven experience defining and governing security architecture across enterprise and cloud environments.
- Excellent written and verbal communication skills, including executive-level presentations.
- Experience supporting healthcare, higher education, or regulated enterprise environments preferred.
- Hands-on experience with NIST, HITRUST CSF, ISO 27001, SOC 2, and third-party risk frameworks preferred.
- Professional certifications such as CISSP, CISM, CRISC, or equivalent preferred.
- Experience partnering closely with SOC, IR, Privacy, and Legal teams preferred.
- Demonstrated success leading organizational change and maturing security governance programs preferred.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills