Director, Commercial Solutions

RegScale is a purpose-built cyber GRC platform designed to enable the CISO to track and monitor security controls. We help organizations break out of the slow and expensive realities that plague legacy GRC tools by bridging security, risk, and compliance through controls lifecycle management. By leveraging RegScale's Continuous Control Monitoring (CCM) instrumentation, organizations experience massive compliance process improvements like 90% faster certification times, and 60% less audit prep time. Today's expansive security and compliance requirements can only be met with a modern, CCM-based approach, and RegScale is the market leader in that space. 

The Role 

RegScale is seeking a Director, Commercial Solutions to lead our expansion into commercial enterprise markets — spanning industries like financial services, healthcare, and technology. This role is for someone who is fundamentally dissatisfied with how GRC has always been done and is driven to replace legacy, manual compliance programs with modern, automated, AI-powered approaches. 

You are not a requirements gatherer. You are an innovator. You've spent years inside compliance programs, felt the inefficiency firsthand, and now you want to tear it down and rebuild it with better tools. You think creatively about how software and AI can eliminate work that humans shouldn't be doing — and you have the credibility to convince compliance practitioners to trust the new way. 

Reporting to the Chief Product Officer, you'll serve as the solution owner for our commercial verticals. You'll work directly with customers and prospects to understand their scaling challenges, define prescriptive and repeatable workflows that make complex compliance manageable, and validate that our platform delivers real-world impact. The through line of everything you do is tooling innovation: using RegScale's platform and emerging AI capabilities to solve problems that legacy GRC tools have failed to crack for decades. 

Key Responsibilities 

• Own the commercial product strategy and execution roadmap across key industry verticals including financial services, healthcare, and technology, ensuring alignment with customer needs and market demands. 
• Serve as the subject matter expert (SME) for commercial Cyber GRC within the RegScale product organization — the go-to voice for how enterprises outside of government manage compliance at scale. 
• Drive the design of prescriptive, opinionated workflows that guide commercial customers through core compliance tasks — multi-framework management, continuous monitoring, audit response, and risk management — without requiring RegScale or compliance expertise to operate. 
• Partner with customers and prospects to identify pain points, use cases, and success criteria; synthesize those insights into data-informed product decisions. 
• Translate customer and market needs into clear, actionable product requirements for engineering and product teams; collaborate closely with Product Management and Engineering on solution design, prioritization, and validation. 
• Accept product builds for your area — ensuring solutions meet functional expectations and deliver genuine customer value before release. 
• Be the product org's primary innovator on tooling: constantly asking "how does software and AI eliminate this manual step?" and driving those answers into the platform roadmap. 
• Lead the integration of AI and automation to fundamentally reimagine — not just incrementally improve — how commercial organizations manage risk and compliance programs at scale. 
• Work with significant existing and prospective customers to develop public references and case studies that establish RegScale's credibility in commercial markets. 
• Partner with Sales, Marketing, and Customer Success to enable go-to-market readiness and ensure customers realize value from our solutions. 
• Represent RegScale at industry events, roundtables, and customer meetings as a trusted expert in commercial GRC. 

What We're Looking For 

• 10+ years of experience directly managing Governance, Risk, and Compliance programs within commercial enterprises — financial services, healthcare, technology, or similarly regulated environments. 
• A track record of applying software tooling and AI to modernize compliance programs — you've actually done it, not just recommended it. You know what it takes to move an organization from spreadsheets and email to instrumented, continuous compliance. 
• Deep, creative instincts for how automation changes what's possible: you don't accept "that's how compliance works" as an answer, and you've built or shaped tools that proved it. 
• Deep, hands-on familiarity with multi-framework compliance programs (e.g., NIST CSF, ISO 27001, PCI-DSS, HIPAA, SOC 2, HITRUST) and the operational complexity of running them simultaneously. 
• Proven ability to translate complex compliance requirements into actionable processes and technical requirements that non-experts can execute. 
• Experience scaling compliance programs through tooling and automation — you understand what it takes to go from manual, spreadsheet-driven programs to instrumented, continuous compliance. 
• Strong instincts for workflow design and customer experience — you've felt the friction of poor GRC tooling firsthand, you have strong opinions about how to fix it, and you've been frustrated enough to do something about it. 
• Experience collaborating cross-functionally across business, product, and technology teams. 
• Strong communicator — equally comfortable with executive stakeholders, technical contributors, compliance practitioners, and external audiences. 
• Passion for innovation and a genuine desire to modernize how enterprises approach compliance. 

Bonus Points For 

• Prior experience in a product, solution management, or consulting role within a SaaS or software company. 
• Familiarity with CCM, automation, or continuous compliance platforms. 
• Experience driving commercial go-to-market motions for technical products in regulated industries. 
• Thought leadership or market presence in the GRC space (speaking, writing, community participation).