Executive Director, GRC (Hybrid)
Company: Trustmark Companies
Location: Lake Forest
Posted on: January 16, 2023
Job Description:
This role is hybrid: 2 days onsite and 3 days remote.
SUMMARY OF OVERALL PURPOSE
In this position the Executive Director, Information Security
Governance, Risk and Compliance will be responsible for the holistic
GRC program, which includes: Information Security program
management; policies, standards and associated control frameworks;
security awareness and training; risk management, including
risk quantification; and interfacing with internal and external audit
and regulators. Being an enterprise position, the selected
candidate will manage information security risks across the
organization. This role includes management of technology risk,
vendor risk management, IT governance, and IT compliance. This role
is expected to partner effectively with internal and external
groups in reporting risk at multiple levels, including executive
leadership.
KEY ACCOUNTABILITIES (percentage of time)
30% - Lead team and develop talent
- Provide thought leadership within Trustmark in the areas of
Information Security Governance, Risk and Compliance.
- Partner with all levels of Trustmark leadership in advancing
security awareness and the risk management maturity continuum in
support of evolving business needs.
- Lead and build a team of security professionals, including
setting direction, providing feedback, managing performance, and
developing employees.
- Coach and mentor to build GRC capabilities.
- Collaborate with business and IT leaders on benefit attainment
from capability changes and updates.
20% - Building out and executing a risk management program and
strategy
- Building out and executing upon a risk management strategy with
roadmap deliverables, maturity modeling, risk register/catalog
development and security/risk metrics.
- Performing focused risk assessments and communicating them to
information security "customers," or business partners.
- Identifying opportunities to improve risk posture, developing
solutions for remediating or mitigating risks and assessing the
residual risk.
20% - Building and maintaining information security policies, procedures
and processes
- Building and leading security awareness and training around
InfoSec for the organization.
- Being directly involved with communicating information security
awareness, updates, best practices, etc. to all employees,
contractors, etc.
- Building and maintaining information security policies,
procedures and processes, and ensuring they are reviewed and kept
current on a regular basis.
- Establishing a Create-Communicate-Execute process for all
policies and working with relevant departments (e.g. Corporate
Communications) toward this end.
- Identifying and implementing appropriate controls to
effectively manage information risks as needed.
20% - Developing, building and maintaining a common controls
framework
- Developing, building and maintaining a common controls
framework that maps to NIST CSF, HIPAA, privacy regulations, and local,
state and federal regulations, etc.
- Providing reporting and metrics on the alignment of
controls to risks and showing maturity models against it.
10% - Relationship management across the enterprise
- Involvement in customer, partner and vendor risk assessments and
communicating them to information security "customers," or business
partners.
- Partnering with Legal, Compliance, and the Privacy Office to
identify and address cyber risks to the organization, partners,
customers, etc.
- Maintaining strong working relationships with individuals and
groups involved in managing information risks across the
organization.
Total = 100%
SUPERVISORY RESPONSIBILITIES
Direct Reports: 6
Indirect Reports:
EDUCATION and EXPERIENCE
Minimum Requirements
- Bachelor's degree required.
- 7+ years of information security experience required.
- One or more of the following certifications is required: CISSP,
CRISC, CHP, CHSE, GSEC, CISM/CISA, ITIL and/or other related
Information Security certification.
- Experience leading a Governance, Risk, and Compliance function
is required.
- Proven track record of leading and managing a highly functional
GRC team.
- Strong presentation, verbal and written communication skills,
with the ability to articulate complex ideas in easy-to-understand
business terms to all levels of management, including senior leaders,
required.
- Knowledge of and experience with privacy and security law
issues, particularly HIPAA, required
- Knowledge of information risk management governance, policies,
& libraries, analytics & reporting, and issue management
required.
- Strong collaboration skills.
- Strong business acumen.
- Understanding of respective industry best practices (e.g.,
NIST, HIPAA, HITRUST, ISO, COBIT, OWASP, ITIL, etc.).
- Excellent collaboration skills including ability to lead cross
functional teams and build consensus.