Summary:
Lead Information Technology (IT) security governance, risk, and compliance (internal control) activities for the business to protect data, ensure regulatory compliance, and enable secure, resilient technology operations. This role designs and operates security controls, runs control testing and remediation, supports audits, and partners with business and technology teams to reduce risk while enabling product delivery.
The role will build partnerships and influence across the organization, including executive leaders, legal, internal audit, vendor management, finance, software engineering, DevOps, business units, and P&Ls.
Why Jewelers Mutual:
Since 1913, we've been committed to supporting the Jewelry industry and putting customers at the center of everything we do. With over a century of trusted expertise, we're financially strong, forward-thinking, and driven by curiosity. Guided by our core values of Agility, Accountability, and Relevancy, we lead through innovation.
As a technology and organization, we embrace cutting-edge tools and data-driven insights to continuously improve our products, services, and customer experience. Our mission is to be the industry's most trusted advisor by investing in our people, adopting new technologies, and striving for excellence.
We're dedicated to fostering growth through collaboration, powered by bold thinking, teamwork, and the passion of our people.
Here, you'll:
- Move fast and embrace change
- Always look for better ways
- Grow, thrive, and help shape what's next
Join us and be part of a culture where you can make an impact while building your future.
What You'll Do:
- Develop, maintain, and operate the IT security and internal controls framework aligned to enterprise risk appetite, regulatory requirements (state insurance regulators, SOC2), and industry best practices.
- Own control design, implementation, testing, and remediation for IT general controls (access, change management, backup/recovery, segregation of duties), application controls, and infrastructure controls.
- Partner with legal and strategic sourcing functions on regulatory compliance and vendor security and control reviews.
- Engage and provide support and guidance on business continuity plans.
- Drive efforts for Zero Trust, identity governance, cloud security controls, and automation/tooling/AI.
- Lead governance for data classification, lifecycle management, and integration of privacy into all system design and development practices.
- Lead periodic control testing programs, coordinate internal and external audits, produce evidence, and drive remediation tracking to closure.
- Manage identity and access governance: privileged access management, periodic access reviews, onboarding/offboarding, role-based access controls, and exception management.
- Oversee vulnerability management and patching governance.
- Operate incident response playbooks for technology incidents affecting confidentiality, integrity, or availability; lead root-cause analysis and post-incident controls improvements.
- Partner with DevOps, software engineering, and third-party risk to embed security controls into software development, cloud deployments, and vendor engagements.
- Maintain security policy standards and control documentation; deliver training and awareness to IT and key business stakeholders.
- Track metrics and produce regular risk and control reporting for IT leadership, Enterprise Risk Management, and the Audit/Compliance committees.
- Manage, mentor, and develop a team of control analysts and security specialists; oversee contractors and vendors as needed.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Leadership Responsibilities
- Leadership: team management, project prioritization, vendor oversight, and cross-functional partnership.
What You'll Bring:
- Bachelor's degree in Information/Cyber Security, Computer Science, Risk Management, or related field.
- 5 years of progressive experience in IT security, IT internal controls, compliance, or related risk roles; experience in insurance or financial services strongly preferred.
- Demonstrated experience with ITGC, SOC2 Type 2, security risk, cloud modern environments, regulatory compliance frameworks, and audit lifecycle management.
- Technical: identity and access management, vulnerability management, endpoint security, logging/SIEM, cloud security fundamentals, secure software engineering concepts.
- Controls & audit: control design, test scripting, evidence collection, remediation management, audit liaison skills.
- Analytical: risk assessment, control gap analysis, metrics definition and reporting.
- Communication: concise executive reporting, stakeholder influence, training delivery, and audit coordination.
Certificates, Licenses, Registrations
- Preferred certifications: CISM, CISSP, CRISC, CISA, or similar. Cloud certs (AWS/Azure/GCP security) a plus.
What We Offer You:
- Competitive Compensation & Benefits: Includes performance bonuses, generous paid time off, and a top-tier retirement program with 401(k) matching and additional company contributions.
- Collaborative Culture: Work alongside talented, passionate peers who value ownership and continuous learning.
- Community & Giving: Benefit from 50% charitable gift matching and paid volunteer time to support nonprofit causes.
- Great Place to Work Certified: Join a team recognized for an environment of innovation and growth.
Accessibility and Accommodations
We are committed to providing an inclusive and accessible recruitment process. If you require accommodation at any stage of the application or interview process, please let us know by contacting
Required Experience:
Manager