
Senior Information Security GRC Program Manager
Kemper
full-time
Location Type: Hybrid
Location: Chicago • Illinois • United States
Salary
💰 $99,000 - $164,800 per year
About the role
- Lead, coach, and develop a team of GRC professionals; set goals, performance expectations, and development plans aligned to program outcomes.
- Establish operating rhythms, playbooks, and quality standards for control documentation, testing/validation, evidence management, and reporting.
- Manage team capacity and prioritization against enterprise commitments (audits, exams, strategic initiatives, remediation).
- Own the Information Security GRC operating model, including control governance, control testing/validation cadence, evidence management, and exception management.
- Maintain and mature the security control framework and control library; ensure alignment to applicable regulatory and contractual requirements (e.g., insurance regulators, NYDFS, SOX ITGCs, Bermuda Cyber Code of Conduct, PCI DSS, privacy/security obligations).
- Govern the policy lifecycle (reviews, approvals, publication, training/attestation inputs, and adoption tracking) and ensure alignment between policy, standards, and procedures.
- Serve as the senior security lead for internal/external audits, regulatory exams, and assurance activities.
- Coordinate evidence collection, response narratives, and stakeholder alignment; ensure timely delivery and consistency across requests.
- Drive remediation governance for security findings, control gaps, and formal commitments; monitor execution and remove blockers through structured escalation.
- Validate remediation completion and evidence quality prior to closure; reduce repeat findings by ensuring root causes are addressed.
- Develop and maintain KPIs/KRIs and executive-ready reporting on control health, audit readiness, open issues, remediation status, and program maturity.
- Present decision-grade updates to the CISO and governance forums; support Board/Risk Committee reporting with clear themes, trends, and required decisions.
Requirements
- Bachelor’s degree in Information Security, Risk Management, Business, IT, or a related field (or equivalent experience).
- 8+ years of progressive experience in information security governance, risk, compliance, audit, or related disciplines.
- 3+ years of people management experience (direct reports) with demonstrated ability to build, coach, and scale a high-performing team.
- Demonstrated success leading cross-functional programs and driving accountability without direct authority.
- Strong understanding of security governance and control frameworks (e.g., NIST CSF, ISO 27001, CIS Controls) and experience mapping controls to regulatory obligations.
- Proven experience managing audits/regulatory exams, evidence, control testing/validation, and issue remediation governance.
- Excellent written and verbal communication skills; ability to translate control and compliance topics into business risk and outcomes.
Benefits
- Qualify for your choice of health and dental plans within your first month.
- Save for your future with robust 401(k) match, Health Spending Accounts and various retirement plans.
- Learn and Grow with our Tuition Assistance Program, paid certifications and continuing education programs.
- Contribute to your community through United Way and volunteer programs.
- Balance your life with generous paid time off and business casual dress.
- Get employee discounts for shopping, dining and travel through Kemper Perks.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
information security governance, risk management, compliance, audit, control frameworks, control testing, evidence management, remediation governance, KPI, KRI
Soft Skills
leadership, coaching, team development, cross-functional collaboration, accountability, communication, stakeholder alignment, problem-solving, presentation skills, strategic thinking