Director of Governance, Risk, and Compliance / TPRM

Job in Chicago, Cook County, Illinois, 60601, USA
Listing for: Independence Pet Group
Full Time position
Listed on 2026-06-27
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Job Description & How to Apply Below
Position: Director of Governance, Risk, and Compliance / TPRM

Senior Director of Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM)

Location:

Chicago, IL (Hybrid)

Reports To:

Chief Information Security Officer (CISO)

Position Overview

The Senior Director of Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) is an enterprise leadership role accountable for the design, implementation, and continuous maturation of a unified risk and compliance program across a $2.5 billion insurance holding company.

This position holds end-to-end accountability for the information security compliance posture of an organization comprised of 12 Managing General Agencies (MGAs) and 2 insurance carriers, operating within a complex and highly regulated environment.

Operating at the intersection of cybersecurity, regulatory compliance, and third-party governance, this leader serves as the central authority for aligning disparate control environments into a cohesive, measurable, and defensible enterprise risk framework. The role requires executive-level influence, regulatory fluency, and the ability to drive consistency across a federated, acquisition-driven operating model.

Key Responsibilities
  • Enterprise Accountability & Regulatory Posture
    • Own and maintain the enterprise-wide information security compliance posture across all operating entities, ensuring alignment with regulatory expectations and internal risk appetite.
    • Establish a defensible, evidence-driven control environment capable of withstanding regulatory scrutiny across multiple jurisdictions.
    • Serve as the authoritative leader for compliance strategy across MGAs and carrier entities with differing regulatory obligations.
  • Enterprise GRC Strategy & Architecture
    • Design and implement a unified GRC operating model across multiple insurance entities with varying levels of maturity.
    • Establish a control-centric framework leveraging NIST SP 800-53, ISO 27001, SOC 2, and PCI DSS.
    • Transition the organization from periodic, interview-based assessments to continuous, evidence-driven compliance measurement.
    • Define and operationalize KRIs, control effectiveness metrics, and executive reporting.
  • Regulatory & Audit Leadership
    • Serve as the central point of accountability for regulatory readiness, including NYDFS, state insurance regulators, and international frameworks where applicable.
    • Lead enterprise-wide audit strategy (SOC 2 Type II, ISO 27001, internal audits).
    • Interface directly with regulators and external auditors to ensure consistent narratives, defensible controls, and successful audit outcomes.
    • Drive enterprise remediation strategies with measurable timelines and executive accountability.
  • Third-Party Risk Management (TPRM)
    • Build and scale a comprehensive TPRM program across the full vendor lifecycle.
    • Establish risk tiering, due diligence, and continuous monitoring aligned with enterprise risk tolerance.
    • Integrate TPRM into procurement, legal, and business operations to ensure consistent enforcement.
    • Oversee risk acceptance and exception governance frameworks.
  • Operational Integration & Transformation
    • Harmonize fragmented GRC practices across acquired entities into a centralized and scalable function.
    • Drive automation strategy leveraging GRC platforms (AuditBoard, Drata, or equivalent) to enable real-time compliance visibility and evidence collection.
    • Embed security, privacy, and identity governance into enterprise-wide control frameworks.
    • Advance organizational maturity toward a "Security First" operating model.
  • Executive Engagement & Cross-Functional Collaboration
    • Provide regular reporting to executive leadership and board-level stakeholders (e.g., Audit Committee, Risk Committee).
    • Collaborate daily with the Chief Privacy Officer (CPO) and Chief Risk Officer (CRO) organizations to ensure alignment across privacy, enterprise risk management, and information security compliance.
    • Translate complex regulatory and technical requirements into business-aligned decision frameworks.
    • Influence enterprise investment decisions through quantified risk exposure and control effectiveness.
  • Leadership & Organizational Complexity
    • Lead a multi-layered global GRC and TPRM organization, including:
      • 4 senior GRC functional leaders
      • A…