- A high-impact cybersecurity leadership function within a nationally recognized insurance wholesale brokerage organization.
- A cyber GRC program that was built from the ground up and is now moving into a more mature, business-as-usual operating model.
- A hybrid team made up of full-time employees and strategic contract support across regulatory compliance, IT/cyber risk, third-party risk, AI governance, education and awareness, policy/standards, and disaster recovery governance.
- A highly collaborative environment partnering closely with the CISO, CIO, Legal, Privacy, Compliance, Enterprise Risk, Supplier Risk, Internal Audit, IT, Cybersecurity, and business leaders.
- Manage and maintain a technology control library to support clear ownership, accountability, and report on the effectiveness of NIST-aligned controls across the organization.
- Opportunity to step into a true Head of GRC role with broad ownership and enterprise visibility.
- Ability to lead a function that has already been built, structured, and operationalized — while continuing to mature and scale it.
- Exposure to a unique cybersecurity regulatory environment, including Committee of Foreign Investment of the United States (CFIUS)-related obligations, NYDFS cybersecurity compliance, and insurance-sector governance requirements.
- High-trust partnership with senior technology, security, legal, compliance, privacy, and enterprise risk leaders.
- This leader will carry forward the organization’s cybersecurity GRC program after a foundational buildout period.
- The role owns critical governance across cyber risk, IT risk, regulatory compliance, vendor risk, AI governance, awareness, and disaster recovery governance.
- The team needs a leader who can manage up to executive stakeholders while giving the team clear direction, prioritization, and support.
- This person will help ensure cybersecurity, technology, and regulatory risks are identified, documented, escalated, remediated, and communicated effectively across the enterprise.
- The role is central to translating complex risk and compliance topics into clear, business-ready language for senior leadership.
- Charlotte, NC – Uptown, Hybrid
- Leading the cybersecurity Governance, Risk & Compliance function across regulatory, technology risk, cyber risk, third-party risk, AI governance, awareness, and policy/standards.
- Managing key regulatory obligations tied to CFIUS, including national security agreement and data security plan commitments.
- Supporting NYDFS cybersecurity compliance in partnership with internal subject matter experts and broader risk/compliance stakeholders.
- Overseeing IT and cyber risk registers, risk assessments, remediation tracking, findings management, and governance reporting through Optro / formerly AuditBoard.
- Leading third-party cyber risk management, including vendor due diligence, supplier risk partnership, SOC/SIG review, and cyber-related audit response.
- Governing AI risk management framework, including policy, standards, council activity, risk review, and governance maturity.
- Overseeing cybersecurity education, awareness, communications, phishing simulations, testing, metrics, and reporting.
- Providing governance oversight for disaster recovery, including plan readiness, testing expectations, and accountability tracking.
- Partnering across Legal, Privacy, Compliance, Enterprise Risk, Internal Audit, IT, Cybersecurity, Supplier Risk, and business leadership to drive practical risk management.
- Senior cybersecurity GRC, technology risk, cyber risk, information security governance, or regulatory compliance leadership experience.
- Background in insurance, financial services, banking, brokerage, or another highly regulated enterprise environment.
- Prior experience working directly with a CISO, CIO, or senior information security executive.
- Strong understanding of cyber governance, IT/cyber risk registers, regulatory compliance, control environments, audit readiness, and remediation tracking.
- NYDFS cybersecurity experience is strongly preferred.
- CFIUS experience is highly valuable.
- Experience with third-party cyber risk, vendor due diligence, supplier risk partnership, and customer/carrier audit response.
- Ability to lead emerging technology governance, particularly AI governance, policy, standards, risk review, and control development.
- Experience with GRC platforms such as AuditBoard/Optro, Archer, ServiceNow IRM/GRC, MetricStream, LogicGate, OneTrust, or similar tools.
- Strong executive communication skills with the ability to simplify complex cyber, technology, regulatory, and operational risk topics.
- Certifications such as CISM, CISSP, CRISC, CISA, GSLC, or similar are preferred.



