VP/Director of Information Security Governance, Risk, and Compliance is responsible for measuring and ensuring the organization's compliance with important internal KPIs and security metrics, applicable security regulations, industry standards, and internal policies. This role will play a critical function in information security risk measurement and will drive security improvements across the TMHCC group. The ideal candidate will possess a history of delivering scorecards and KPIs that drive desired change, knowledge of security and compliance frameworks and excellent analytical and communication skills.
Essential Duties and Responsibilities:
Collect and maintain the information needed to meet cybersecurity reporting requirements. Advise senior management on risk levels and security posture, and advise appropriate senior leadership of changes affecting the organization's cybersecurity posture.
Develop and maintain group-wide security metrics oriented toward multiple audiences, including executives, business unit security leaders, and a centralized IT security team.
Monitor security controls and identify any deviations from established policies and procedures.
Provide continuous monitoring of the security governance landscape so that TMHCC stays focused on the most critical security outcomes across the group.
Supervise and manage the governance, risk and compliance function including leading a team with an “ownership mentality” toward driving TMHCC’s security posture in the right direction.
Define and/or implement security policies and procedures to ensure protection of critical infrastructure and applications. Continuously validate the organization against policies, guidelines, procedures, regulations, and laws to ensure compliance.
Conduct and oversee information security risk assessments (with a focus on KPI analysis) and management plans across TMHCC businesses.
Engage technology staff, on a risk-prioritized basis, on vulnerability findings and remediation plans, with associated management reporting.
Engage and advise technology staff on audits, audit findings, and audit action plans.
Ensure compliance with legal and regulatory requirements.
Provide expert advice on governance, assurance, and risk management.
Manage relationships with key stakeholders.
Prioritize the closure of findings based on risk assessments.
Assist with security incidents, with a focus on conducting root cause analysis and tracking follow-on remediation actions.
Meet with internal auditors as necessary to provide status updates and
Work closely with TMHCC business leaders, IT leaders, Information Security leaders, and management teams to understand their businesses and to assist in identifying and managing the financial, operational, and technology risks within their business systems.
Communicate compliance risks and issues to relevant stakeholders.
Maintain and update compliance documentation and reporting.
Qualifications:
Education: Bachelor's degree in Computer Science, Information Security or a related field; Master's degree in a relevant field preferred.
Experience: 7+ years of experience in information security, compliance, or audit, with a strong focus on KPI development and reporting across functional areas in the insurance industry.
Industry Knowledge: Knowledge of the insurance industry and relevant regulations (e.g., GLBA, HIPAA, state-level insurance regulations) preferred.
Technical Expertise: Strong understanding of security principles, technologies, and best practices, including: data security, privacy, and governance (including technology presentation); risk management methodologies; and auditing and compliance frameworks (e.g., ISO 27001, NIST Cybersecurity Framework).
Certifications: Relevant certifications such as CISA, CISM, CRISC, CIPP/US, or other relevant security and compliance certifications are highly valued.
Communication & Collaboration: Excellent written and verbal communication, strong presentation skills, and the ability to effectively communicate complex information to both technical and non-technical audiences.
Analytical & Problem-Solving Skills: Strong analytical and problem-solving skills with the ability to identify, analyze, and resolve complex compliance and reporting issues.
Key Competencies:
Regulatory Expertise: Deep understanding of relevant regulations and industry standards.
Information Security Expertise.
Audit Experience.
Risk Assessment: Ability to conduct thorough risk assessments and identify and prioritize compliance risks.
Communication & Collaboration: Excellent communication and interpersonal skills, with the ability to build strong relationships with internal and external stakeholders.
Attention to Detail: Meticulous attention to detail and the ability to ensure accuracy and completeness in all compliance documentation.
Continuous Improvement: Ability to continuously monitor and improve the organization's compliance posture.