Head, Governance, Risk and Compliance (Head Security GRC) in London

The Head, GRC is a senior cybersecurity leader responsible for defining and operating the governance, risk and compliance strategy for the organization. This role partners closely with the CISO, technology leaders, legal, risk, compliance and business stakeholders to ensure cyber risk is governed effectively, regulatory obligations are met, and security controls are aligned to business priorities.

The role will lead policy and standards governance, cyber risk management, control assurance, audit, regulatory engagement, and third-party risk oversight while building a culture of accountability and continuous improvement. Key responsibilities include:

• Leading and continuously improving the cybersecurity GRC framework, operating model, governance forums and reporting cadence.
• Owning the lifecycle of cybersecurity policies, standards, procedures and exception management, ensuring alignment to business objectives and regulatory expectations.
• Establishing and maintaining a risk-based control environment aligned to recognized frameworks such as NIST CSF, ISO 27001 and other applicable regulatory requirements.
• Directing enterprise cyber risk assessments, risk treatment planning, control testing and issue remediation tracking.
• Overseeing internal and external audits, customer assurance activities and regulatory examinations related to information security and cyber controls.
• Partnering with legal, privacy, compliance and enterprise risk teams to interpret and operationalise changing cyber and data protection obligations.
• Overseeing third-party cyber risk governance, including due diligence, control reviews and ongoing monitoring of critical suppliers.
• Developing meaningful metrics, KRIs and executive reporting to communicate cyber risk posture, compliance status and remediation progress to senior leadership.

Company Benefits: Willis Re provides a competitive benefit package which includes Health and Welfare Benefits, Leave Benefits, and Retirement Benefits.

Compensation: The salary benchmark for this role is: US (New York): $220,000 - $250,000 - $280,000.

About You: You are a strategic and hands-on cybersecurity GRC leader who can translate regulatory, audit and risk requirements into practical actions for technology and business teams. You are comfortable operating at executive level while also driving program execution, control maturity and measurable outcomes. You bring strong judgement, clear communication and the ability to influence across complex stakeholder groups.

Proven experience leading cybersecurity governance, risk and compliance programs in a complex enterprise environment is essential. Strong knowledge of cybersecurity and control frameworks, including NIST CSF 2.0, ISO 27001, SOC 2 and relevant regulatory expectations is required. Demonstrated experience with cyber risk assessments, policy governance, control assurance, audit management and issue remediation is necessary. The ability to communicate cyber risk and control effectiveness in clear business terms to executives and non-technical stakeholders is crucial. Experience partnering with audit, enterprise risk, legal, privacy, procurement and technology teams is important. A minimum of 10 years of experience in cybersecurity, information security, information technology, risk management or a related field is expected. Relevant certifications such as CISM, CRISC or CISA are desirable.

About Willis Re: Willis Re is committed to embracing a diverse, inclusive, and flexible work environment. We provide equal opportunity to all qualified individuals regardless of race, colour, religion, age, gender, gender expression, national origin, veteran status, disability, orientation, or any other legally protected categories.