GVP, Governance, Risk and Compliance

Warner Bros. Discovery
About The Position

We are seeking a results-oriented Group Vice President (GVP), Information Governance, Risk & Compliance to establish and lead an enterprise-wide information risk and compliance function. This role ensures regulatory compliance, manages information and data risk, and supports a strong, defensible security and privacy posture across the company. The GVP oversees key programs including information, cybersecurity, and privacy compliance and assurance activities, SOX IT compliance, regulatory and industry compliance programs, vendor and third-party information risk management, control effectiveness and vulnerability management, and enterprise security and privacy training. The role owns global information risk and privacy policies, standards, and processes, and ensures governance and assurance activities are executed consistently and aligned with corporate objectives. This role partners closely with internal audit, legal and privacy, enterprise IT, product, business leaders, and vendors to manage information risk across the enterprise. The successful candidate demonstrates sound judgment, strong execution discipline, clear executive communication skills, and experience leading globally distributed teams in complex environments.

Requirements

  • Proven senior leadership experience leading or significantly scaling enterprise or large-scale information governance, risk, compliance, privacy, or related oversight functions within a complex organization.
  • Strong expertise across information governance, regulatory and industry compliance, and assurance, with direct experience leading multiple regulatory or control frameworks (e.g., SOX IT controls, PCI, SWIFT, privacy and data protection requirements, or similar standards).
  • Demonstrated ability to design, operate, or materially evolve governance and compliance frameworks aligned with enterprise risk objectives, regulatory expectations, and business priorities.
  • Experience overseeing compliance and assurance activities, including control design and operating effectiveness evaluations, audit support, regulatory examinations, or comparable independent assurance functions.
  • Sound executive judgment with a track record of driving outcomes, navigating complexity, and making informed decisions, including in matrixed environments where authority or scope may be shared.
  • Proven ability to partner effectively with senior leaders across cybersecurity, internal audit, legal and privacy, enterprise risk management, technology, product, and business functions.
  • Experience leading and developing teams or functions in global, matrixed environments, with a focus on accountability, execution discipline, and talent development.
  • Excellent written and verbal communication skills, with the ability to clearly convey complex governance, risk, and compliance topics to executive leadership and governance forums.

Nice To Haves

  • Advanced degree and/or relevant professional certifications preferred (e.g., CISA, CRISC, CIPP, CIPM, CISSP, or comparable credentials).

Responsibilities

  • Provide executive leadership for enterprise-wide Information Governance, Risk & Compliance, ensuring effective governance, compliance, and assurance across all information-related risks.
  • Maintain and evolve a comprehensive information governance, risk, and compliance framework, aligned with regulatory requirements, industry standards, corporate risk objectives, and enterprise risk appetite.
  • Oversee information risk compliance and assurance activities, ensuring consistent evaluation of control design and operating effectiveness, with clear reporting of findings, remediation progress, and trends.
  • Provide leadership for the enterprise function responsible for consumer and employee privacy rights request fulfillment, ensuring compliant, timely, and accurate execution in accordance with global privacy laws and regulatory requirements.
  • Direct regulatory, statutory, and industry compliance programs, including SOX IT controls and other applicable frameworks (e.g., PCI, SWIFT, and similar requirements), ensuring audit readiness and effective issue tracking and resolution.
  • Own global information governance, risk, and privacy policies, standards, and procedures, ensuring consistent adoption, enforcement, and ongoing relevance across the enterprise.
  • Guide third-party and vendor information risk management, including risk assessment, monitoring, and escalation, in partnership with procurement, legal, and business stakeholders.
  • Ensure effective oversight of control effectiveness, vulnerability, and compliance management programs, with clear accountability, prioritization, and enterprise-level reporting.
  • Build, lead, and retain a high-performing, globally distributed team, fostering accountability, execution discipline, and professional growth.
  • Deliver clear, actionable information risk and compliance reporting to executive leadership and governance bodies to support informed decision-making and oversight.
  • Collaborate with internal audit, legal and privacy, enterprise risk management, cybersecurity, enterprise IT, product, and business leaders to align information risk activities with enterprise priorities and governance expectations.

Benefits

  • health insurance coverage
  • an employee wellness program
  • life and disability insurance
  • a retirement savings plan
  • paid holidays, sick time, and vacation