LakeForestRecruiter Since 2001

Executive Director, GRC (Hybrid)

Company: Trustmark Companies
Location: Lake Forest
Posted on: January 16, 2023

Job Description:

This role is hybrid: 2 days onsite and 3 days remote.

SUMMARY OF OVERALL PURPOSE

In this position the Executive Director, Information Security Governance, Risk and Compliance will be responsible for the holistic GRC program, which includes: Information Security program management; policies, standards and associated control frameworks; security awareness and training; risk management, including risk quantification; and interfacing with internal and external audit and with regulators. Being an enterprise position, the selected candidate will manage information security risks across the organization. This role includes management of technology risk, vendor risk management, IT governance, and IT compliance. This role is expected to effectively partner with internal and external groups in reporting out risk at multiple levels, including executive leadership.

KEY ACCOUNTABILITIES (with approximate percentage of time)

30%: Lead team and develop talent

• Provide thought leadership within Trustmark in the areas of Information Security Governance, Risk and Compliance.
• Partner with all levels of Trustmark leadership to advance security awareness and risk management maturity in support of evolving business needs.
• Lead and build a team of security professionals, including setting direction, providing feedback, managing performance, and developing employees.
• Coach and mentor to build GRC capabilities.
• Collaborate with business and IT leaders on realizing the benefits of capability changes and updates.

20%: Building out and executing a risk management program and strategy

• Build out and execute a risk management strategy with roadmap deliverables, maturity modeling, risk register/catalog development and security/risk metrics.
• Perform focused risk assessments and communicate them to information security "customers," or business partners.
• Identify opportunities to improve risk posture, develop solutions for remediating or mitigating risks and assess the residual risk.

20%: Building and maintaining information security policies, procedures and processes

• Build and lead security awareness and training around InfoSec for the organization.
• Be directly involved in communicating information security awareness, updates, best practices, etc. to all employees, contractors, etc.
• Build and maintain information security policies, procedures and processes, ensuring they are reviewed and kept current on a regular basis.
• Establish a Create-Communicate-Execute process for all policies and work with relevant departments (e.g. Corporate Communications) toward that goal.
• Identify and implement appropriate controls to effectively manage information risks as needed.

20%: Developing, building and maintaining a common controls framework

• Develop, build and maintain a common controls framework that maps to NIST CSF, HIPAA, privacy regulations, and local, state and federal regulations, etc.
• Provide reporting and metrics on the alignment of controls to risks, and show maturity models against it.

10%: Relationship management across the enterprise

• Be involved in customer, partner and vendor risk assessments and communicate them to information security "customers," or business partners.
• Partner with Legal, Compliance, and the Privacy Office to identify and address cyber risks to the organization, partners, customers, etc.
• Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.

Total = 100%

SUPERVISORY RESPONSIBILITIES

# Direct Reports: 6

# Indirect Reports:

EDUCATION and EXPERIENCE

Minimum Requirements

• Bachelor's degree required.
• 7+ years of information security experience required.
• One or more of the following certifications is required: CISSP, CRISC, CHP, CHSE, GSEC, CISM/CISA, ITIL and/or other related Information Security certification.
• Experience leading a Governance, Risk, and Compliance function is required.
• Proven track record of leading and managing a highly functional GRC team.
• Strong presentation, verbal and written communication skills, with the ability to articulate complex ideas in easy-to-understand business terms to all levels of management, including senior leaders, required.
• Knowledge of and experience with privacy and security law issues, particularly HIPAA, required.
• Knowledge of information risk management governance, policies and libraries, analytics and reporting, and issue management required.
• Strong collaboration skills.
• Strong business acumen.
• Understanding of respective industry best practices (e.g., NIST, HIPAA, HITRUST, ISO, COBIT, OWASP, ITIL, etc.).
• Excellent collaboration skills, including the ability to lead cross-functional teams and build consensus.

Keywords: Trustmark Companies, Lake Forest , Executive Director, GRC (Hybrid), Executive , Lake Forest, California
