Director, Governance, Risk and Compliance - Corporate
Chicago, IL, US, 60606
Ryan Specialty
Ryan Specialty is an international specialty insurance firm that provides innovative solutions for brokers, agents and insurance carriers.
Position Summary:
The Director of Governance, Risk & Compliance will report to the Chief Information Security Officer and will lead the Governance, Risk & Compliance workstream on the Information Security team. This role is responsible for enhancing and expanding Ryan Specialty’s GRC portfolio to improve the company’s overall security and compliance posture. The ideal candidate will have detailed working knowledge of security technologies and leading practices, and experience leading a team that maintains compliance in a regulated business environment. This role will be responsible for leading all information security compliance efforts, working with relevant internal teams to ensure that all compliance obligations are understood, all relevant processes are fully established, and compliance is continuously tracked, measured, and reported on. Additionally, this role will lead the continuing maturation of Ryan Specialty’s cyber risk management efforts, consisting of internal risk management and external third-party risk management programs.
Candidates for this role must be collaborative in nature, acting as a true enabler of the business and partner to technology and other departmental leaders and teams, able to drive security outcomes through influence and partnership. Additionally, candidates must have an ability to seamlessly move from deep, detailed conversations to executive level briefings that explain challenging compliance, risk, and technical concepts succinctly.
Essential Functions:
- Lead, in partnership with the CISO, the Cyber Governance, Risk and Compliance program, including articulating cyber risks and their impacts in a business context and recommending mitigations
- Collaborate with the VP of IT Risk Management to manage Information Security risks, including maintaining a risk register, assisting with self-assessments, and contributing to risk management strategies and processes
- Create, maintain and continuously mature information security policies, standards, and controls; work with senior leaders to ensure that any impacts, and the work required to remain compliant, are included in Product and Technology roadmaps
- Implement and oversee procedures and controls to assure compliance with applicable regulatory, legal, and contractual requirements
- Continue to mature the third-party risk management process
- Support the business, procurement and legal teams regarding security requirements, including review of contractual elements pertaining to security, completing questionnaires, meeting with auditors, etc.
- Collaborate with the regulatory compliance team on the privacy program
- Participate in or lead security efforts related to M&A, including due diligence assessments and post-acquisition activities to fully integrate the acquired entity into all security controls and processes
- In conjunction with IT Risk Management, oversee the remediation of information security findings identified by Internal Audit, IT Risk, and third-party risk assessments
- Own the security awareness training program, including selection of courses, phishing campaigns, awareness campaigns and reporting
- Provide reporting and metrics to senior leadership
- Work within and across teams on cross functional projects
- If required, provide leadership for incident response activities
Education/Experience/Skills:
- 8+ years of cross-discipline Information Security/Information Technology experience
- 5+ years of leading a GRC function
- Experience applying security frameworks such as NIST CSF, CIS, etc. for self-assessments and working with auditors
- Subject matter expertise in developing and executing company-wide programs, policies, procedures, and controls
- The ability to translate modern security technology practices (e.g., passwordless, CI/CD, encryption, etc.) to the language of auditors
- Understanding of the risks in cloud-native and on-premises architectures
- Experience with compliance and audit strategies for cloud environments (IaaS, SaaS, etc.)
- Excellent executive presentation and communication skills
- Ability to lead through influence, including at executive levels
- Strong critical thinking skills with ability to challenge normal operations
- Experience working in a team-oriented, collaborative environment
- Successful completion of prior external audits, such as SOC 2, SOX, HIPAA
- Prior experience automating compliance controls
- Certification showing expertise in audit or risk management (e.g., CISA, CISM, CRISC)
- Insurance and/or financial services background is beneficial, but not required
Disclaimer
Ryan Specialty is an Equal Opportunity Employer.