[Remote] Assistant Director, Cyber GRC

Note: The job is a remote job and is open to candidates in USA. Principal Financial Group is seeking an experienced Assistant Director of Cyber GRC to join their Information Security and Risk GRC team. The role involves leading cybersecurity regulatory compliance activities, engaging with regulators, and translating regulatory requirements into practical security controls while partnering with various teams to enhance compliance and security posture. Responsibilities • Design global cybersecurity assurance program, including control gap assessments, testing, evidence management, and continuous monitoring • Evaluate control effectiveness and recommend process or tooling improvements to improve efficiency and coverage • Monitor and interpret changes in global cybersecurity laws, regulations, and standards (e.g., NIST, SOX, SOC, GDPR, HIPAA) • Translate regulatory requirements into actionable security controls, metrics, and framework mappings • Support control design enhancements to address regulatory expectations and emerging risks • Support readiness for regulatory exams, audits, and third‑party assessments • Participate in audits, coordinate responses to inquiries, and track remediation activities • Partner with IT, Legal, Risk, Compliance, and Audit teams to align cybersecurity controls with regulatory obligations • Provide subject‑matter guidance on GRC best practices and control design • Provide training and awareness on regulatory compliance topics, as needed • Develop and maintain reporting on control posture, findings, and remediation progress • Communicate regulatory changes, risks, and control insights to leadership Skills • Bachelor's degree in information security, cybersecurity, law, or a related field or equivalent experience • 8+ years of experience in cybersecurity, information risk, or IT compliance • Direct, hands-on experience engaging with regulators (e.g., scoping exams, responding to information requests, and/or presenting to examiners) • Proven experience with regulatory frameworks and standards such as NIST CSF and 800-53, SOX, SOC, GDPR, and HIPAA • Exceptional written and verbal communication skills with an ability to brief executives and regulators with clarity and confidence • Strong stakeholder management experience with the ability to influence cross-functional teams and drive accountability without direct authority • Experience designing cybersecurity assurance program in a regulated industry (e.g., finance, insurance, government) • Professional certifications such as CISA, CISM, CGRC, CRISC, or CISSP • Familiarity with risk management methodologies and tools • Diplomacy and professionalism in high-stakes discussions • Ability to consult on technical controls Benefits • Flexible Time Off (FTO) is provided to salaried (exempt) employees and provides the opportunity to take time away from the office with pay for vacation, personal or short-term illness. • Pension Eligible Company Overview • Principal Financial Group® is dedicated to improving the wealth and well-being of people and businesses around the world—helping more than 62M customers plan, protect, invest, and retire as of December 31, 2023. It was founded in 1879, and is headquartered in Des Moines, Iowa, USA, with a workforce of 10001+ employees. Its website is Apply tot his job