Head of Information Security Governance, Risk, and Compliance

at Resolution Life

West Chester, Pennsylvania, USA

Start Date: Immediate
Expiry Date: 26 Nov, 2024
Salary: USD 224000 Annual
Posted On: 29 Aug, 2024
Experience: 12 year(s) or above
Skills: Risk, Communication Skills, Critical Thinking, NIST, Competitive Advantage, CISA, Time Management, Analytical Skills, Business Acumen, Leadership Skills, Collaboration, Teamwork, IT, Openness, Interpersonal Skills
Telecommute: No
Sponsor Visa: No

Description:

As part of the application process, a candidate account is required to log in and view application(s). Please be sure to check email regularly for information regarding our employment process.
Position Summary:
The Head of Information Security Governance, Risk, and Compliance (GRC) is a strategic leadership position tasked with the critical responsibility of safeguarding the organization’s information assets. This role encompasses a broad spectrum of duties that include establishing and maintaining the cybersecurity governance framework to ensure that policies and practices are aligned with business objectives and regulatory requirements. The individual in this role will be instrumental in identifying, evaluating, and mitigating cybersecurity risks, thereby ensuring the integrity, confidentiality, and availability of information. They will lead the development of risk management strategies and compliance activities, ensuring that the organization’s cybersecurity posture is robust and resilient against emerging threats. As a key advisor to senior management, the Head of GRC will provide insights and recommendations on cybersecurity trends, best practices, internal and external audit reports and regulatory changes that may impact the organization. They will also be responsible for fostering a culture of cybersecurity awareness and compliance throughout the organization.
In addition to these strategic responsibilities, the Head of GRC will oversee the implementation of cybersecurity initiatives, manage the GRC team’s performance, and ensure that cybersecurity objectives are integrated into the organization’s broader operational and strategic plans.
This role requires a visionary leader with a deep understanding of cybersecurity principles, risk management, and compliance frameworks. The ideal candidate will possess strong communication and leadership skills, the ability to navigate complex regulatory landscapes, and a commitment to continuous improvement in the face of a rapidly evolving cybersecurity environment.

Profile Responsibilities:

  • Develop and maintain a comprehensive cybersecurity governance framework.
  • Conduct and oversee cybersecurity risk assessments and management plans.
  • Engage and advise technology staff on audits, audit findings, and audit action plans.
  • Ensure compliance with legal and regulatory requirements.
  • Provide expert advice on governance, assurance, and risk management.
  • Manage relationships with key regulatory stakeholders.
  • Prioritize the closure of findings based on risk assessments.
  • Sponsor GRC capability development to keep current and anticipate future needs.
  • Offer oversight and guidance to technology assurance activities, ensuring alignment across domains.
  • Serve as a key leader in the development, execution, and continual evolution of the effectiveness of the ICFR program strategy.
  • Lead the IT ICFR risk assessment to determine the scope of each reporting year.
  • Define the coverage approach related to in-scope applications, key reports, interfaces, automated controls, and other IT dependency type controls for both the financial statement audit as well as any RLUS SOC1s provided to external stakeholders.
  • Identify stakeholders and personnel to support the ICFR/MAR implementation.
  • Meet with external auditors as necessary to provide status updates and remediation efforts of ongoing work.
  • Actively participate in overall program assessments from an ICFR perspective using qualitative and quantitative data and methods.
  • Be the key subject matter expert in the assigned area of responsibility, providing a deep understanding of the company’s financial business processes, systems, and internal controls and how they interrelate.
  • Participate in advancing a highly effective communication strategy to ensure clear understanding of ICFR/MAR principles and guidance and maximum alignment.
  • Develop and deliver IT ICFR/MAR specific training to stakeholders, personnel, and the steering committee.
  • Stay current on new technical literature applicable to the internal control process (e.g., PCAOB guidance, SEC, etc.).
  • Lead the effort to develop an IT General Controls “Center of Excellence” that can be utilized by the global company. This framework will be key in helping the firm achieve a controls-based audit approach by its external auditor.

Knowledge & Experience:

  • B.A./B.S. in Accounting/Finance or IT related field, or equivalent experience
  • Professional Certification is preferred: CISA or equivalent, compliance frameworks (e.g. ISO or NIST)
  • 12+ years of related IT process experience including previous internal audit experience, external audit experience or SOX and risk assessment experience
  • Strong record of success achieving business objectives, growth, and efficiencies
  • Knowledge of IT ICFR processes and controls, including the importance of IT dependent controls that support business process controls
  • Demonstrated strong problem-solving and analytical skills are critical
  • Strong leadership skills with the ability to work with and influence people at all levels across the enterprise
  • Great attention to detail with the ability to understand impacts to the broader organization
  • Effective time management and prioritization
  • Ability to work within tight time constraints and multiple priorities
  • Excellent verbal and written communication skills
  • Excellent interpersonal skills, teamwork, and collaboration

Location: West Chester, PA or New York City. Open to Atlanta, GA, Charlotte, NC, or Minneapolis, MN. Regardless of location, travel is up to 25%.
Resolution Life US is committed to disclosing a reasonable estimate of the base salary for our job roles. These estimates consider a wide range of factors in making base salary decisions, including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. In addition to salary, Resolution Life US offers a comprehensive benefits package, including our health & wellness program, incentive and recognition programs, and 401k contribution (all benefits are subject to eligibility requirements). The salary range reflects figures based on the primary location, which is listed first. The range for the role may differ based on the location.

Base Salary Range:

  • $183,000 - $224,000

Critical Skills

At Resolution Life, we have identified the following critical skills which are key to success in our culture:

  • Customer Focused: Passionate drive to delight our customers and offer unique solutions that deliver on their expectations.
  • Critical Thinking: Thoughtful process of analyzing data and problem solving to reach a well-reasoned solution.
  • Team Mentality: Partnering effectively to drive our culture and execute on our common goals.
  • Business Acumen: Appreciation and understanding of the financial services industry in order to make sound business decisions.
  • Learning Agility: Openness to new ways of thinking and acquiring new skills to retain a competitive advantage.


REQUIREMENT SUMMARY

Min: 12.0, Max: 17.0 year(s)

Financial Services

Accounts / Finance / Tax / CS / Audit

Finance

BSc

Proficient

1

West Chester, PA, USA