-
Sr Director, Governance, Risk, and Compliance
- HUB International (Chicago, IL)
-
ABOUT US
At **HUB International** , we are a team of entrepreneurs. We believe in protecting and supporting the aspirations of individuals, families, and businesses. We help our clients evaluate their risks and develop solutions tailored to their needs. We believe in empowering our employees to learn, grow, and make a difference. Our structure enables our teams to maintain their own unique, regional culture while leveraging support and resources from our corporate centers of excellence.
HUB is the 5th largest global insurance and employee benefits broker, providing a boundaryless array of business insurance, employee benefits, risk services, personal insurance, retirement, and private wealth management products and services. With over $5 billion in revenue and almost 20,000 employees in 600 offices throughout North America, HUB has grown substantially, in part due to our industry leading success in mergers and acquisitions.
Position Overview:
The **Senior Director of Governance, Risk, & Compliance** will oversee strategic initiatives to enhance the company's security posture, regulatory compliance, and risk management frameworks. This role leads efforts in data governance, third-party risk management, regulatory compliance, data privacy, cybersecurity response management (RFPs and inquiries), security audits including SOC2, SOX, and IT General Controls (ITGC), and access reviews. Collaboration with legal, compliance departments, business stakeholders, and control owners will be critical. The ideal candidate will have extensive expertise in managing security policy frameworks, security awareness programs, cyber risk assessments, technology initiatives, and reporting metrics in a large, complex insurance brokerage environment.
Key Responsibilities:
1. Data Governance:
+ Lead the implementation and continuous improvement of enterprise data governance frameworks.
+ Ensure compliance with data governance standards and policies.
+ Oversee data classification, ownership, integrity, privacy, and compliance monitoring initiatives.
+ Collaborate with business stakeholders and control owners to integrate data governance principles into business operations.
2. Third-Party Risk Management:
+ Develop, maintain, and enhance comprehensive third-party risk management programs.
+ Conduct risk assessments and continuous monitoring of third-party vendors and service providers.
+ Collaborate with procurement, legal, IT, business stakeholders, and control owners to ensure robust risk management practices.
3. Customer Cybersecurity and Compliance Responses:
+ Manage and streamline processes for responding to customer cybersecurity questionnaires, RFPs, and compliance-related inquiries.
+ Collaborate with sales, legal, IT, operations teams, business stakeholders, and control owners to ensure timely, accurate, and comprehensive responses.
4. Data Privacy and Regulatory Compliance:
+ Oversee compliance with applicable data privacy laws and regulations (e.g., GDPR, CCPA) through strong partnership with legal and other relevant stakeholders.
+ Provide strategic guidance on data privacy practices and regulatory compliance initiatives.
+ Coordinate response and remediation activities related to privacy incidents or breaches in collaboration with legal, business stakeholders, and control owners.
5. Audit & Compliance:
+ Lead Security Department compliance and audit activities related to SOC2, SOX, and IT General Controls.
+ Liaise with internal and external auditors, business stakeholders, and control owners, ensuring preparedness, remediation of findings, and continuous compliance.
+ Drive improvements in control environments based on audit findings and emerging regulatory requirements.
6. Security Policies & Security Awareness Training:
+ Develop, implement, and maintain comprehensive security policy frameworks aligned with industry standards and best practices.
+ Oversee the creation and delivery of effective security awareness and training programs for employees and stakeholders.
+ Regularly review and update policies to reflect evolving risks, compliance requirements, and industry standards in partnership with legal, compliance teams, business stakeholders, and control owners.
7. Risk Management:
+ Establish and maintain robust enterprise risk management frameworks.
+ Conduct and oversee comprehensive cyber risk assessments and drive actionable remediation plans.
+ Collaborate across business units, including legal, business stakeholders, and control owners, to ensure effective integration of risk management practices into day-to-day operations.
+ Actively engage with Enterprise Risk Management program and stakeholders.
8. User Access Reviews:
+ Oversee periodic access reviews to ensure appropriate permissions and compliance with internal policies and external regulations.
+ Coordinate with legal, IT, business stakeholders, and control owners to address identified gaps and ensure remediation actions.
9. Technology & Automation Initiatives:
+ Champion the use of technology and automation to enhance GRC operations.
+ Evaluate, select, and implement GRC tools and software to streamline processes and improve accuracy.
10. Metrics & Reporting:
+ Develop and maintain a comprehensive set of GRC metrics and dashboards.
+ Regularly report GRC status and risk posture to executive management and board-level committees.
Qualifications:
+ Bachelor’s degree in Information Security, Computer Science, Business Administration, or related field. Advanced degree preferred.
+ Relevant professional certifications (CISSP, CISM, CRISC, CISA, or similar).
+ Minimum of 10 years of progressive experience in governance, risk, compliance, cybersecurity, and privacy management roles, including at least 5 years in a senior leadership capacity.
+ Strong understanding of cybersecurity frameworks, data privacy regulations, and audit standards including SOC2, SOX, GDPR, CCPA, and ITGC.
+ Exceptional leadership, strategic thinking, communication, and stakeholder management skills.
+ In-depth knowledge of data governance frameworks, data quality management practices, and data security principles.
+ Strong understanding of compliance regulations, reporting requirements, and performance monitoring practices.
+ Excellent project management skills, with the ability to lead cross-functional teams and drive data governance initiatives.
+ Strong analytical and problem-solving skills, with the ability to translate complex data requirements into actionable insights.
Preferred Experience:
+ Previous experience within insurance, financial services, or related regulated industries.
+ Demonstrated success in leading GRC initiatives at enterprise scale, managing cross-functional teams, and driving organizational change.
JOIN OUR TEAM
Do you believe in the power of innovation, collaboration, and transformation? Do you thrive in a supportive and client focused work environment? Are you looking for an opportunity to help build and drive change in a rapidly growing and evolving organization? When you join **HUB International** , you will be part of a community of learners and doers focused on our Core Values: entrepreneurship, teamwork, integrity, accountability, and service.
_Disclosure required under applicable law in California, Colorado, Illinois, Maryland, Minnesota, New York, New Jersey, and Washington states: The expected salary range for this position is $160,000 to $190,000_ _and will be impacted by factors such as the successful candidate’s skills, experience and working location, as well as the specific position’s business line, scope and level. If you believe that your qualifications and experience surpass the minimum requirements for this role, we encourage you to submit your application. By doing so, we will be able to keep your application on file for consideration for potential future positions within our organization. HUB International is proud to offer comprehensive benefit and total compensation packages which could include health/dental/vision/life/disability insurance, FSA, HSA and 401(k) accounts, paid-time-off benefits such as vacation, sick, and personal days, and eligible bonuses, equity and commissions for some positions._
Department Information Technology
Required Experience: 7-10 years of relevant experience
Required Travel: Negligible
Required Education: Bachelor's degree (4-year degree)
HUB International Limited is an equal opportunity employer that does not discriminate on the basis of race/ethnicity, national origin, religion, age, color, sex, sexual orientation, gender identity, disability or veteran's status, or any other characteristic protected by local, state or federal laws, rules or regulations.
E-Verify Program (https://hubinternational.jobs/e-verify/)
We endeavor to make this website accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the recruiting team [email protected] . This contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.
-
Recent Searches
- Workday Adaptive Configuration Administrator (Pennsylvania)
- Wastewater Treatment Operator Senior (Indiana)
Recent Jobs
-
Sr Director, Governance, Risk, and Compliance
- HUB International (Chicago, IL)
-
Outreach Manager, Bureau of Chronic Disease Prevention
- City of New York (New York, NY)
-
Program Director, Occupational Therapy Doctorate Program
- Shenandoah University (Winchester, VA)
-
Manager of Insurance & Claims
- Orlando Utilities Commission (Orlando, FL)