Sr Director, Governance, Risk, and Compliance

Job Location

Chicago, IL - USA

Monthly Salary

$ 160000 - 190000

Vacancy

1 Vacancy

Job Description

ABOUT US

At HUB International, we are a team of entrepreneurs. We believe in protecting and supporting the aspirations of individuals, families, and businesses. We help our clients evaluate their risks and develop solutions tailored to their needs. We believe in empowering our employees to learn, grow, and make a difference. Our structure enables our teams to maintain their own unique regional culture while leveraging support and resources from our corporate centers of excellence.

HUB is the 5th largest global insurance and employee benefits broker, providing a boundaryless array of business insurance, employee benefits, risk services, personal insurance, retirement, and private wealth management products and services. With over $5 billion in revenue and almost 20,000 employees in 600 offices throughout North America, HUB has grown substantially, in part due to our industry-leading success in mergers and acquisitions.

Position Overview:

The Senior Director of Governance, Risk & Compliance will oversee strategic initiatives to enhance the company's security posture, regulatory compliance, and risk management frameworks. This role leads efforts in data governance, third-party risk management, regulatory compliance, data privacy, cybersecurity response management (RFPs and inquiries), security audits including SOC2, SOX, and IT General Controls (ITGC), and access reviews. Collaboration with legal, compliance departments, business stakeholders, and control owners will be critical. The ideal candidate will have extensive expertise in managing security policy frameworks, security awareness programs, cyber risk assessments, technology initiatives, and reporting metrics in a large, complex insurance brokerage environment.

Key Responsibilities:

1. Data Governance:

  • Lead the implementation and continuous improvement of enterprise data governance frameworks.
  • Ensure compliance with data governance standards and policies.
  • Oversee data classification, ownership, integrity, privacy, and compliance monitoring initiatives.
  • Collaborate with business stakeholders and control owners to integrate data governance principles into business operations.

2. Third-Party Risk Management:

  • Develop, maintain, and enhance comprehensive third-party risk management programs.
  • Conduct risk assessments and continuous monitoring of third-party vendors and service providers.
  • Collaborate with procurement, legal, IT, business stakeholders, and control owners to ensure robust risk management practices.

3. Customer Cybersecurity and Compliance Responses:

  • Manage and streamline processes for responding to customer cybersecurity questionnaires, RFPs, and compliance-related inquiries.
  • Collaborate with sales, legal, IT operations teams, business stakeholders, and control owners to ensure timely, accurate, and comprehensive responses.

4. Data Privacy and Regulatory Compliance:

  • Oversee compliance with applicable data privacy laws and regulations (e.g., GDPR, CCPA) through strong partnership with legal and other relevant stakeholders.
  • Provide strategic guidance on data privacy practices and regulatory compliance initiatives.
  • Coordinate response and remediation activities related to privacy incidents or breaches in collaboration with legal, business stakeholders, and control owners.

5. Audit & Compliance:

  • Lead Security Department compliance and audit activities related to SOC2, SOX, and IT General Controls.
  • Liaise with internal and external auditors, business stakeholders, and control owners, ensuring preparedness, remediation of findings, and continuous compliance.
  • Drive improvements in control environments based on audit findings and emerging regulatory requirements.

6. Security Policies & Security Awareness Training:

  • Develop, implement, and maintain comprehensive security policy frameworks aligned with industry standards and best practices.
  • Oversee the creation and delivery of effective security awareness and training programs for employees and stakeholders.
  • Regularly review and update policies to reflect evolving risks, compliance requirements, and industry standards in partnership with legal, compliance teams, business stakeholders, and control owners.

7. Risk Management:

  • Establish and maintain robust enterprise risk management frameworks.
  • Conduct and oversee comprehensive cyber risk assessments and drive actionable remediation plans.
  • Collaborate across business units, including legal, business stakeholders, and control owners, to ensure effective integration of risk management practices into day-to-day operations.
  • Actively engage with Enterprise Risk Management program and stakeholders.

8. User Access Reviews:

  • Oversee periodic access reviews to ensure appropriate permissions and compliance with internal policies and external regulations.
  • Coordinate with legal, IT, business stakeholders, and control owners to address identified gaps and ensure remediation actions.

9. Technology & Automation Initiatives:

  • Champion the use of technology and automation to enhance GRC operations.
  • Evaluate, select, and implement GRC tools and software to streamline processes and improve accuracy.

10. Metrics & Reporting:

  • Develop and maintain a comprehensive set of GRC metrics and dashboards.
  • Regularly report GRC status and risk posture to executive management and board-level committees.

Qualifications:

  • Bachelor's degree in Information Security, Computer Science, Business Administration, or related field. Advanced degree preferred.
  • Relevant professional certifications (CISSP, CISM, CRISC, CISA, or similar).
  • Minimum of 10 years of progressive experience in governance, risk, compliance, cybersecurity, and privacy management roles, including at least 5 years in a senior leadership capacity.
  • Strong understanding of cybersecurity frameworks, data privacy regulations, and audit standards, including SOC2, SOX, GDPR, CCPA, and ITGC.
  • Exceptional leadership, strategic thinking, communication, and stakeholder management skills.
  • In-depth knowledge of data governance frameworks, data quality management practices, and data security principles.
  • Strong understanding of compliance regulations, reporting requirements, and performance monitoring practices.
  • Excellent project management skills with the ability to lead cross-functional teams and drive data governance initiatives.
  • Strong analytical and problem-solving skills with the ability to translate complex data requirements into actionable insights.

Preferred Experience:

  • Previous experience within insurance, financial services, or related regulated industries.
  • Demonstrated success in leading GRC initiatives at enterprise scale, managing cross-functional teams, and driving organizational change.

JOIN OUR TEAM

Do you believe in the power of innovation, collaboration, and transformation? Do you thrive in a supportive and client-focused work environment? Are you looking for an opportunity to help build and drive change in a rapidly growing and evolving organization? When you join HUB International, you will be part of a community of learners and doers focused on our Core Values: entrepreneurship, teamwork, integrity, accountability, and service.

Disclosure required under applicable law in California, Colorado, Illinois, Maryland, Minnesota, New York, New Jersey, and Washington states: The expected salary range for this position is $160,000 to $190,000 and will be impacted by factors such as the successful candidate's skills, experience, and working location, as well as the specific position's business line, scope, and level. If you believe that your qualifications and experience surpass the minimum requirements for this role, we encourage you to submit your application. By doing so, we will be able to keep your application on file for consideration for potential future positions within our organization. HUB International is proud to offer comprehensive benefit and total compensation packages, which could include health/dental/vision/life/disability insurance, FSA, HSA, and 401(k) accounts, paid-time-off benefits such as vacation, sick, and personal days, and eligible bonuses, equity, and commissions for some positions.

Department: Information Technology

Required Experience: 7-10 years of relevant experience

Required Travel: Negligible

Required Education: Bachelor's degree (4-year degree)

HUB International Limited is an equal opportunity employer that does not discriminate on the basis of race/ethnicity, national origin, religion, age, color, sex, sexual orientation, gender identity, disability or veteran's status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

E-Verify Program

We endeavor to make this website accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the recruiting team. This contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.


Required Experience:

Director

Employment Type

Full-Time
