Director, Cybersecurity Governance, Risk, and Compliance


Join to apply for the Director, Cybersecurity Governance, Risk, and Compliance role at Sleep Number Corporation


Company Overview

Sleep Number is a sleep wellness technology leader. For nearly four decades, we have placed sleep at the center of wellbeing, improving over 15 million lives with our Sleep Number smart beds. We are guided by our purpose – to improve the health and wellbeing of society through higher quality sleep. This is exemplified through our 4,000+ mission-driven team members who passionately innovate to drive value creation through our vertically integrated business model, owning the process from start to finish, including selling in our over 650 stores nationwide.

Our team members are encouraged to bring their whole selves to work, sharing their unique perspectives, backgrounds and skills with Sleep Number every day. Whether you are entering, returning or experienced in the workforce, we have a place for you. We hope you join us in creating the future through higher quality sleep.

Position Purpose

As the Director, Cybersecurity Governance, Risk, and Compliance, you are responsible for overseeing enterprise-wide cybersecurity governance, risk management, and compliance programs. This highly visible leadership role ensures alignment with industry standards, regulatory requirements, and corporate policies, and provides subject matter expertise and strategic guidance to mitigate cybersecurity risk and foster a culture of security across the organization. The Director, Cybersecurity Governance, Risk, and Compliance manages a team with responsibilities spanning policy management, risk assessments, business continuity / disaster recovery, third-party risk, audit support, security awareness, and compliance monitoring.

Primary Responsibilities

Cybersecurity Governance and Policy Development

Risk Management and Assessments

  • Direct the organization's cybersecurity risk management strategy, including oversight of enterprise risk assessments and business impact analyses, and drive vulnerability remediation.
  • Maintain executive ownership of the cybersecurity risk register, ensuring visibility and accountability for risk remediation across business units.
  • Chair cross-functional steering committees to align cybersecurity risk and business resiliency priorities with enterprise risk appetite and strategic goals.
  • Lead the development and continuous improvement of cybersecurity risk posture and reporting to ensure integration with broader enterprise risk initiatives and technology governance (e.g. Enterprise Architecture).

Regulatory Compliance and Audit Support

  • Ensure enterprise compliance with regulatory, contractual, and industry standards (e.g., SOX, PCI DSS), serving as the executive liaison to auditors and regulators.
  • Oversee the organization's audit readiness and response strategy, including evidence management, control testing, and remediation tracking.
  • Provide executive reporting on compliance posture and audit outcomes to senior leadership.

Third-Party Risk and Security Awareness

  • Lead the strategic direction of the third-party cybersecurity risk program, ensuring robust due diligence and continuous monitoring of vendor security practices.
  • Collaborate with Procurement and Legal leadership to embed cybersecurity requirements into enterprise sourcing and contracting processes.
  • Sponsor enterprise-wide security awareness and training initiatives, ensuring alignment with organizational culture and risk profile; oversee metrics and reporting on program effectiveness.

Team Leadership and People Management

  • Lead and coach a team of cybersecurity professionals, fostering a collaborative and high-performance culture.
  • Set team priorities, provide feedback, support career development, and conduct performance evaluations.
  • Allocate resources and assign work to ensure coverage across program areas.
  • Promote continuous learning and professional growth in cybersecurity, GRC, and BC / DR disciplines, as well as cybersecurity frameworks and technologies.

Position Requirements

  • Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field; Master's degree preferred.
  • 10+ years of progressive experience in cybersecurity or risk management, with 3+ years in a leadership or managerial capacity.
  • Professional certifications such as CISSP, CISM, CRISC, or CISA preferred.

Knowledge, Skills & Abilities

  • High level of comfort operating in high-stakes conversations where clarity, confidence, and accuracy are essential to achieving balanced, risk-informed decisions.
  • Skilled in negotiating audit and compliance outcomes by clearly articulating risk-based justifications, challenging assumptions when necessary, and ensuring that recommendations are aligned with business realities.
  • Expert knowledge of cybersecurity frameworks (e.g., NIST CSF, ISO / IEC 27001) and regulatory standards (e.g., SOX, PCI DSS).
  • Excellent leadership, collaboration, and communication skills, with the ability to influence across business and technical teams.
  • Proficiency in GRC tools (e.g., AuditBoard) and risk assessment platforms.
  • Ability to interpret complex technical and regulatory information and translate it into actionable business guidance.

Working Conditions

  • Sleep Number offers a hybrid work environment that supports a flexible blend of remote work and in-office collaboration at our corporate headquarters in Minneapolis, Minnesota.
  • Salary Pay Range: $163,800.00 - $240,267.00

Wellbeing

Wellbeing is more than a catchphrase - it's a movement that permeates our company and through our team members. We are dedicated to enhancing and supporting the wellbeing of our team members and their families through benefits, programs, and resources across our five wellbeing pillars of emotional, financial, career, community, and physical health, with sleep at the center.

By joining our team, in addition to offering competitive pay programs, we are proud to offer eligible team members an extensive benefits package including, but not limited to medical and pharmacy benefits, dental, life and disability insurance, a matched 401(k) Plan, paid time off, and much more.

Safety

Safety is a top priority for Sleep Number, supporting customers' and team members' wellbeing. We are committed to maintaining a safe and healthy work environment for all team members that is consistent with CDC guidelines, the U.S. Department of Labor's Occupational Safety and Health Administration (OSHA), and state / local laws.

EEO Statement

Sleep Number is an equal opportunity employer. We are committed to recruiting, hiring and promoting qualified people and prohibit discrimination based on race, color, marital status, religion, sex (including gender, gender identity, gender expression, transgender status, pregnancy, childbirth, and medical conditions related to pregnancy or childbirth), sexual orientation, age, national origin or ancestry, citizenship status, physical or mental disability, genetic information (including testing and characteristics), veteran status, uniformed servicemember status or any other status protected by federal, state, or local law.

Americans With Disabilities Act (ADA)

It is Sleep Number's policy to provide reasonable accommodations to qualified individuals with disabilities during the application process, consistent with applicable law. We may require supporting medical or religious documentation where applicable and permissible by law. If you are a qualified individual, you may request a reasonable accommodation at any time during the selection process, including if you are unable or otherwise limited in your ability to access open roles here.

Seniority level: Director
Employment type: Full-time
Job function: Information Technology
Industries: Retail

Location: Minneapolis, MN, United States
Salary: $200,000 - $250,000
Job Type: FullTime
Category: IT & Technology
