Information Security GRC Program Senior Manager

Location(s)

Details

Kemper is one of the nations leading specialized insurers. Our success is a direct reflection of the talented and diverse people who make a positive difference in the lives of our customers every day. We believe a high-performing culture valuable opportunities for personal development and professional challenge and a healthy work-life balance can be highly motivating and productive. Kempers products and services are making a real difference to our customers who have unique and evolving needs. By joining our team you are helping to provide an experience to our stakeholders that delivers on our promises.

The Information Security GRC Program Senior Manager reporting to the CISO leads a team that designs and operates the enterprise security risk and control framework. The role translates regulatory and business requirements into measurable controls validates control effectiveness through testing and evidence and drives remediation and risk treatment decisionsensuring leadership has a clear defensible view of risk posture and the program remains continuously audit- and exam-ready.

Job Summary
The Information Security GRC Program Senior Manager leads the enterprise governance risk and compliance (GRC) function within the Information Security Program and manages a team responsible for control governance audit/exam readiness risk assessments and remediation execution tracking. This role establishes a sustainable repeatable control environment by operating the policy/control lifecycle coordinating internal/external audits and regulatory exams driving cross-functional accountability for remediation and delivering executive-ready reporting to the CISO ELT and Risk Committees.

Key Responsibilities

Program Leadership & People Management

• Lead coach and develop a team of GRC professionals; set goals performance expectations and development plans aligned to program outcomes.
• Establish operating rhythms playbooks and quality standards for control documentation testing/validation evidence management and reporting.
• Manage team capacity and prioritization against enterprise commitments (audits exams strategic initiatives remediation).

Governance & Control Oversight

• Own the Information Security GRC operating model including control governance control testing/validation cadence evidence management and exception management.
• Maintain and mature the security control framework and control library; ensure alignment to applicable regulatory and contractual requirements (e.g. insurance regulators NYDFS SOX ITGCs Bermuda Cyber Code of Conduct PCI DSS privacy/security obligations).
• Govern the policy lifecycle (reviews approvals publication training/attestation inputs and adoption tracking) and ensure alignment between policy standards and procedures.

Audit Exam & Assurance Management

• Serve as the senior security lead for internal/external audits regulatory exams and assurance activities.
• Coordinate evidence collection response narratives and stakeholder alignment; ensure timely delivery and consistency across requests.
• Own the lifecycle of audit/exam issues: intake triage assignment remediation plans due dates escalation validation and closure.

Issue & Remediation Governance

• Drive remediation governance for security findings control gaps and formal commitments; monitor execution and remove blockers through structured escalation.
• Validate remediation completion and evidence quality prior to closure; reduce repeat findings by ensuring root causes are addressed.

Metrics Reporting & Executive Communication

• Develop and maintain KPIs/KRIs and executive-ready reporting on control health audit readiness open issues remediation status and program maturity.
• Present decision-grade updates to the CISO and governance forums; support Board/Risk Committee reporting with clear themes trends and required decisions.

Required Qualifications

• Bachelors degree in Information Security Risk Management Business IT or a related field (or equivalent experience).
• 8 years of progressive experience in information security governance risk compliance audit or related disciplines.
• 3 years of people management experience (direct reports) with demonstrated ability to build coach and scale a high-performing team.
• Demonstrated success leading cross-functional programs and driving accountability without direct authority.
• Strong understanding of security governance and control frameworks (e.g. NIST CSF ISO 27001 CIS Controls) and experience mapping controls to regulatory obligations.
• Proven experience managing audits/regulatory exams evidence control testing/validation and issue remediation governance.
• Excellent written and verbal communication skills; ability to translate control and compliance topics into business risk and outcomes.

Preferred Qualifications

• Experience in financial services and/or insurance regulatory environments.
• Familiarity with NYDFS cybersecurity regulation PCI DSS and privacy/security requirements applicable to customer data.
• Certifications: CISSP CISM CRISC CISA ISO 27001 Lead Implementer/Lead Auditor or similar.
• Experience implementing or operating GRC tooling and building KPI/KRI dashboards.

Core Competencies

• Strategic program leadership with strong execution discipline
• Team leadership coaching and performance management
• Control design and operating effectiveness validation
• Audit/exam management and remediation governance
• Executive-ready communication and influencing skills
• High standards for documentation and evidence quality
• Risk-based prioritization and pragmatic decision support

Working Relationships

• Internal partners: Technology/IT Operations Engineering/Application teams Risk/ERM Compliance Legal/Privacy Internal Audit Procurement/TPRM and business leadership.
• External partners: Auditors regulators/examiners and third-party service providers (as needed).

This position works at one of our Kemper locations in a hybrid capacity.

The base range for this position is $99000 to $164800. When determining candidate offers we consider experience skills education certifications and geographic location among other factors. This job is eligible for an annual discretionary bonus equity and Kemper benefits (Medical Dental Vision PTO 401k etc.)

Kemper is proud to be an equal opportunity employer. All applicants will be considered for employment without attention to race color religion sex sexual orientation gender identity national origin veteran disability status or any other status protected by the laws or regulations in the locations where we operate. We are committed to supporting diversity and equality across our organization and we work diligently to maintain a workplace free from discrimination.

Kemper does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Kemper and Kemper will not be obligated to pay a placement fee.

Kemper will never request personal information such as your social security number or banking information via text or email. Additionally Kemper does not use external messaging applications like WireApp or Skype to communicate with candidates. If you receive such a message delete it.

#LI-AK