Director of Governance, Risk, and Compliance – TPRM

Independence Pet Group

. Own and maintain the enterprise-wide information security compliance posture across all operating entities, ensuring alignment with regulatory expectations and internal risk appetite.

Posted 5/22/2026full-timeChicago • Illinois • 🇺🇸 United StatesLeadWebsite

Tech Stack

Tools & technologies

Cyber Security

About the role

Key responsibilities & impact

Own and maintain the enterprise-wide information security compliance posture across all operating entities, ensuring alignment with regulatory expectations and internal risk appetite.
Establish a defensible, evidence-driven control environment capable of withstanding regulatory scrutiny across multiple jurisdictions.
Serve as the authoritative leader for compliance strategy across MGAs and carrier entities with differing regulatory obligations.
Design and implement a unified GRC operating model across multiple insurance entities with varying levels of maturity.
Establish a control-centric framework leveraging NIST 800-53, ISO 27001, SOC 2, and PCI DSS.
Transition the organization from periodic, interview-based assessments to continuous, evidence-driven compliance measurement.
Define and operationalize KRIs, control effectiveness metrics, and executive reporting.
Serve as the central point of accountability for regulatory readiness, including NYDFS, state insurance regulators, and international frameworks where applicable.
Lead enterprise-wide audit strategy (SOC 2 Type II, ISO 27001, internal audits).
Interface directly with regulators and external auditors to ensure consistent narratives, defensible controls, and successful audit outcomes.
Drive enterprise remediation strategies with measurable timelines and executive accountability.
Build and scale a comprehensive TPRM program across the full vendor lifecycle.
Establish risk tiering, due diligence, and continuous monitoring aligned with enterprise risk tolerance.
Integrate TPRM into procurement, legal, and business operations to ensure consistent enforcement.
Oversee risk acceptance and exception governance frameworks.
Harmonize fragmented GRC practices across acquired entities into a centralized and scalable function.
Drive automation strategy leveraging GRC platforms (auditboard, Drata, or equivalent) to enable real-time compliance visibility and evidence collection.
Embed security, privacy, and identity governance into enterprise-wide control frameworks.
Advance organizational maturity toward a “Security First” operating model.
Provide regular reporting to executive leadership and board-level stakeholders (e.g., Audit Committee, Risk Committee).
Collaborate daily with the Chief Privacy Officer (CPO) and Chief Risk Officer (CRO) organizations to ensure alignment across privacy, enterprise risk management, and information security compliance.
Translate complex regulatory and technical requirements into business-aligned decision frameworks.
Influence enterprise investment decisions through quantified risk exposure and control effectiveness.
Lead a multi-layered global GRC and TPRM organization, including: 4 senior GRC functional leaders, a transversal offshore operations team, a dedicated outsourced delivery pod (India-based) supporting scaled compliance and assessment activities.
Establish governance models, performance management, and operational rigor across distributed teams.
Drive talent strategy, succession planning, and capability development aligned to enterprise scale.

Requirements

What you’ll need

12–15+ years of progressive experience in cybersecurity, risk management, compliance, or audit.
5–7+ years in senior leadership roles within insurance or highly regulated financial services environments (required).
Proven success leading enterprise GRC and TPRM programs across complex, multi-entity organizations.
Licensed attorney (JD) or Certified Public Accountant (CPA) strongly preferred, particularly with experience in regulatory interpretation, audit, or assurance.
Background in external audit, internal audit, or regulatory advisory highly desirable.
MBA or equivalent advanced business degree preferred.
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CRISC (Certified in Risk and Information Systems Control)
CISA (Certified Information Systems Auditor)
CGRC (Certified in Governance, Risk and Compliance)
CIA (Certified Internal Auditor)
CIPP / CIPM (privacy certifications)
ISO 27001 Lead Implementer or Lead Auditor

Benefits

Comp & perks

Comprehensive full medical, dental and vision Insurance
Basic Life Insurance at no cost to the employee
Company paid short-term and long-term disability
12 weeks of 100% paid Parental Leave
Health Savings Account (HSA)
Flexible Spending Accounts (FSA)
Retirement savings plan
Personal Paid Time Off
Paid holidays and company-wide Wellness Day off
Paid time off to volunteer at nonprofit organizations
Pet friendly office environment
Commuter Benefits
Group Pet Insurance
On the job training and skills development
Employee Assistance Program (EAP)

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GRCTPRMNIST 800-53ISO 27001SOC 2PCI DSSKRIscontrol effectiveness metricsaudit strategyrisk tiering

Soft Skills

leadershipcollaborationinfluencecommunicationstrategic thinkingoperational rigortalent strategysuccession planningcapability developmentreporting

Certifications

CISSPCISMCRISCCISACGRCCIACIPPCIPMISO 27001 Lead ImplementerISO 27001 Lead Auditor