Director of Governance, Risk, Compliance (GRC), and Privacy

Date:  Dec 20, 2024
Location: Hybrid, Remote, US

Company:  Vail Resorts Corporate
Shift Type:  Year Round

 

Our mission is to create the Experience of a Lifetime for our employees, so they can, in turn, create the Experience of a Lifetime for our guests. We own and operate the most renowned destination resorts in the world as well as regional and local ski areas outside major cities, and connect them all through one unrivaled network. We are looking for ambitious leaders, innovators and creators to join our talented team. If you’re ready to pursue your fullest potential, we want to get to know you!

 

Candidates for year-round positions are reviewed on a rolling basis. Applications will be accepted up to 90 days after the posting date, or until the position is filled (whichever is first).

 

Job Summary:

We are seeking an exceptional Director of Governance, Risk, Compliance (GRC), and Privacy to lead and enhance Vail Resorts' compliance, risk management, and privacy strategies. This individual will be a member of the IT Extended Leadership team and will play a pivotal role in ensuring our compliance with regulatory standards, driving risk management frameworks, and fostering a culture of accountability and data security. The ideal candidate will combine outstanding leadership capabilities with a strong technical foundation, attention to detail, and the ability to effectively communicate across diverse teams and stakeholders.

The Director of Governance, Risk, Compliance (GRC) & Privacy is responsible for developing, implementing, and operating a strategic, risk-based program. Our goal is to implement appropriate practices to protect the organization and its stakeholders while supporting our strategic objectives. This individual will work cross-functionally with IT and Business stakeholders to provide risk and control guidance, create a risk aware and engaged culture, and review and challenge risk-based decisions.  Other key responsibilities include:

 

Leadership & Strategy:

  • Develop and lead GRC and Privacy initiatives aligned with organizational objectives.
  • Build, mentor, and manage a high-performing team, fostering a culture of excellence, accountability, and innovation.
  • Communicate effectively with senior leadership, presenting complex compliance and risk topics clearly and concisely.

Governance & Risk Management:

  • Design and implement a robust governance framework to ensure compliance with global standards and regulations, including SOX, PCI-DSS, GDPR, and others.
  • Oversee enterprise risk management programs, including risk assessment, mitigation, and monitoring strategies.
  • Collaborate with technical and business units to ensure risk is managed across process, people, and technology domains.

Compliance & Privacy:

  • Lead regulatory compliance programs, ensuring adherence to global privacy laws (e.g., GDPR, CCPA).
  • Establish and maintain privacy and data governance frameworks, policies, and processes.
  • Serve as the primary advisor to leadership on GRC and privacy-related matters.

Technical & Architectural Oversight:

  • Drive the development and implementation of security and privacy architectures, ensuring technical solutions align with compliance and risk requirements.
  • Assess and integrate emerging technologies to enhance GRC and privacy programs.
  • Partner with technical teams to establish and maintain secure infrastructure and processes.

Program Development & Reporting:

  • Create key performance indicators (KPIs) and dashboards to measure the effectiveness of GRC and privacy initiatives.
  • Ensure proper documentation, reporting, and continuous improvement of programs.
  • Represent the organization during audits, assessments, and compliance reviews.

 

The ideal candidate will have experience building, operating, and maturing effective programs to manage Governance, Risk, Compliance, & Privacy.  As a key addition to the Information Security & Compliance Leadership Team, reporting to the Vice President of Information Security & Compliance, this individual has a critical role in coordinating strategy, obtaining results, sustaining excellence and nurturing team culture and growth. This is a leadership role with regular interactions with our CIO as well as many different IT and Business Leaders.

 

Job Responsibilities:

  • Drive:  Develop and drive ownership and accountability of GRC & Privacy objectives and supporting IT initiatives.
    • Drive clear, concise, aligned outcomes with senior business and technology leaders that balance risk with business objectives.
    • Provide cross-functional team leadership to ensure successful achievement of objectives.
    • Deliver projects and programs; facilitate agreement on objectives and success measures, provide overall project/program issue resolution and roadblock removal. 
  • Connect:  Inspire trust and build strong, authentic, productive relationships within the organization and with key stakeholders.  Effectively engage and collaborate with leaders across the organization to develop, define and build on innovative ideas and business priorities.
    • Act as a role model for developing and maintaining positive, collaborative stakeholder relationships.
    • Engage across the organization to quickly connect information and people to drive enterprise projects, programs and initiatives.
    • Understand stakeholder drivers and use that knowledge and those relationships to drive effective prioritization and roadmaps for delivery.
  • Develop: Create an environment of continual improvement both inside and outside of the direct team.
    • Be a Producer of Talent with individuals on your team and across the organization.
    • Demonstrate the ability to learn and develop as a self-starter requiring little direction.  We are looking for someone who shows the potential to do more and is a natural leader.
  • Out Front: Anticipate the needs of leadership and facilitate as well as motivate those around you to identify solutions that both improve the security of our environment and advance business objectives.
    • Maintain an external network to ensure our organization continuously analyzes new threats, trends, innovations, etc. to ensure our strategy and priorities stay appropriately aligned.
    • Present balanced viewpoints of options and recommendations based on strong front-to-back understanding of existing capabilities and frameworks combined with a strong understanding of emerging technologies and best practices.
    • Be curious about our business and seek to understand.
  • Re-Imagine: Bring new ideas, methods, and approaches to Vail Resorts and this role.  Leverage own expertise to challenge the status quo and drive decisions and actions necessary to improve our business processes and related technology.
    • Evolve GRC & Privacy practices to meet an evolving landscape, support growth, and ensure future scalability.
  • Passion: Demonstrate an unyielding passion for the employee experience, culture, mission and vision.  Lead by example and inspire others to follow.

 

Job Qualifications:

  • Bachelor’s degree in Computer Science, Information Security, Risk Management, or a related field (Master’s degree preferred).
  • 10+ years of relevant work experience, including:
    • Building and operating a successful program
    • Proven ability to successfully lead and oversee critical projects and cross-functional efforts
  • Strong working knowledge and understanding of key concepts in Information Security, Risk Management, Compliance, Privacy
  • Successful regular exposure to Director/VP levels and above within IT and the Business
  • Understanding of corporate Governance, Risk, Compliance, and Privacy functions
  • Consistently demonstrated growth in their own skills & leadership.
  • Relevant professional certifications such as CISSP, CISM, CRISC, CISA, GDPR Practitioner, or equivalents.
  • 5+ years supervisory experience
  • Technology advocate and proficient in project management tools

 

Leadership:

  • Drive strategy, vision, direction, and prioritization on enterprise-wide projects and programs at the senior leadership level.
  • Can manage initiatives from concept through to completion, including the development and presentation of a business case.
  • Applies critical thinking to generate new thoughts and opportunities; has ability to collaborate and build on strategic and innovative thoughts/ideas.
  • Informed on industry standards and practices, and a forward thinker on new and innovative approaches.

Project Management:

  • Ability to socialize and manage a portfolio of projects in support of stated strategic objectives.
  • Manage operational business impacts as well as technical components of the program or project.
  • Provide vision and leadership regarding organizational design and resourcing of large, complex and undefined enterprise-wide initiatives, including all aspects of management from vision through execution.

Financials:

  • Manage enterprise-wide programs with complex financial models, including internal and external stakeholders and complex contract negotiation.
  • Participate in the annual expense and capital budgeting processes & cycles for their areas.

Employee Management:

  • Ability to manage/oversee internal and contract resources.
  • Ability to produce talent on their team and across the organization

Vendor Management:

  • Provide leadership and guidance to external vendors.

 

The expected Total Compensation for this role is $150,000 - $195,000 + annual bonus + equity. Individual compensation decisions are based on a variety of factors.
 

Job Benefits

  • Ski/Mountain Perks! Free passes for employees, employee discounted lift tickets for friends and family AND free ski lessons
  • MORE employee discounts on lodging, food, gear, and mountain shuttles
  • 401(k) Retirement Plan
  • Employee Assistance Program
  • Excellent training and professional development

Full Time roles are eligible for the above, plus:

  • Health Insurance; Medical Insurance, Dental Insurance, and Vision Insurance plans (for eligible seasonal employees after working 500 hours)
  • Free ski passes for dependents
  • Critical Illness and Accident plans

 

Vail Resorts offers a ‘Hybrid’ work environment where employees living within 50 miles of the Broomfield office work on-site Tuesday, Wednesday, Thursday and have flexibility to work off-site on Mondays and Fridays.  Employees living outside of a commutable distance can work remotely from British Columbia, Washington D.C., and the 16 U.S. states* in which we currently operate. This includes: California, Colorado, Indiana, Michigan, Minnesota, Missouri, New Hampshire, New York, Nevada, Ohio, Pennsylvania, Utah, Vermont, Washington State, Wisconsin, and Wyoming.

 

Please note that the ability to work in person or off-site, and the particulars related to such work, are subject to change at any time; and, accordingly, the Company reserves the right to change its policies and/or require in-person/in-office work or off-site work at any time in its sole discretion. 

 

In completing this application, and when submitting related documentation, applicants may redact information that identifies their age, date of birth, and/or dates of attendance at or graduation from an educational institution. 

 

Vail Resorts is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status or any other status protected by applicable law.

 

Requisition ID  506416
Reference Date: 12/17/2024 
Job Code Function: IT Security