Head, Governance, Risk and Compliance (Head Security GRC)

The Head, GRC is a senior cybersecurity leader responsible for defining and operating the governance, risk and compliance strategy for the organization. This role partners closely with the CISO, technology leaders, legal, risk, compliance and business stakeholders to ensure cyber risk is governed effectively, regulatory obligations are met, and security controls are aligned to business priorities.

The role will lead policy and standards governance, cyber risk management, control assurance, audit, regulatory engagement, and third-party risk oversight while building a culture of accountability and continuous improvement. Key responsibilities include:

• Leading and continuously improving the cybersecurity GRC framework, operating model, governance forums and reporting cadence.
• Owning the lifecycle of cybersecurity policies, standards, procedures and exception management, ensuring alignment to business objectives and regulatory expectations.
• Establishing and maintaining a risk-based control environment aligned to recognized frameworks such as NIST CSF, ISO 27001 and other applicable regulatory requirements.
• Directing enterprise cyber risk assessments, risk treatment planning, control testing and issue remediation tracking.
• Overseeing internal and external audits, customer assurance activities and regulatory examinations related to information security and cyber controls.
• Partnering with legal, privacy, compliance and enterprise risk teams to interpret and operationalise changing cyber and data protection obligations.
• Overseeing third-party cyber risk governance, including due diligence, control reviews and ongoing monitoring of critical suppliers.
• Developing meaningful metrics, KRIs and executive reporting to communicate cyber risk posture, compliance status and remediation progress to senior leadership.

Company Benefits: Willis Re provides a competitive benefit package which includes the following (eligibility requirements apply):

• Health and Welfare Benefits: Medical, Dental, Vision, Health Savings Account, Commuter Benefits, Health Care and Dependent Care Flexible Spending Accounts, Accident Insurance, Critical Illness Insurance, Life Insurance, AD&D, Financial wellbeing support, Wellbeing Program and Work/Life Resources (including Employee Assistance Program).
• Leave Benefits: Paid Holidays, Annual Paid Time Off (includes paid state/local paid leave where required), Short-Term Disability, Long-Term Disability, Other Leaves (e.g., Bereavement, FMLA, ADA, Jury Duty, Military Leave, and Parental and Adoption Leave), Paid Time Off (Washington State only).
• Retirement Benefits: Savings Plan (401k).

Compensation: The salary benchmark for this role is: US (New York): $220,000 - $250,000 - $280,000.

About You: You are a strategic and hands-on cybersecurity GRC leader who can translate regulatory, audit and risk requirements into practical actions for technology and business teams. You are comfortable operating at executive level while also driving program execution, control maturity and measurable outcomes. You bring strong judgement, clear communication and the ability to influence across complex stakeholder groups.

Proven experience leading cybersecurity governance, risk and compliance programs in a complex enterprise environment. Strong knowledge of cybersecurity and control frameworks, including NIST CSF 2.0, ISO 27001, SOC 2 and relevant regulatory expectations. Demonstrated experience with cyber risk assessments, policy governance, control assurance, audit management and issue remediation. Ability to communicate cyber risk and control effectiveness in clear business terms to executives and non-technical stakeholders. Experience partnering with audit, enterprise risk, legal, privacy, procurement and technology teams. 10 years of experience in cybersecurity, information security, information technology, risk management or a related field. Relevant certifications such as CISM, CRISC or CISA are desirable.

About Willis Re: Willis Re is committed to embracing a diverse, inclusive, and flexible work environment. We provide equal opportunity to all qualified individuals regardless of race, colour, religion, age, gender, gender expression, national origin, veteran status, disability, orientation, or any other legally protected categories. If you have a need that requires accommodation, please email us at talentacquisition@willisre.com.