Independence Pet Holdings

Director of Governance, Risk, and Compliance / TPRM

Reposted 4 Days Ago
Remote
2 Locations
Expert/Leader
The Director of Governance, Risk, and Compliance oversees the implementation of risk management and compliance programs across the enterprise. Responsibilities include regulatory compliance, audit leadership, third-party risk management, and collaboration across teams to ensure effective governance and oversight.
The summary above was generated by AI

Established in 2021, Independence Pet Holdings is a corporate holding company that manages a diverse and broad portfolio of modern pet health brands and services, including insurance, pet education, lost recovery services, and more throughout North America.

 

We believe pet insurance is more than a financial product and build solutions to simplify the pet parenting journey and help improve the well-being of pets. As a leading authority in the pet category, we operate with a full stack of resources, capital, and services to support pet parents. Our multi-brand and omni-channel approach includes our own insurance carrier, insurance brands and partner brands.

Director, Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM)

Location: Chicago, IL (Hybrid)

Reports To: Chief Information Security Officer (CISO)

Position Overview

The Senior Director of Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) is an enterprise leadership role accountable for the design, implementation, and continuous maturation of a unified risk and compliance program across a $2.5 billion insurance holding company.

This position holds end-to-end accountability for the information security compliance posture of an organization comprised of 12 Managing General Agencies (MGAs) and 2 insurance carriers, operating within a complex and highly regulated environment.

Operating at the intersection of cybersecurity, regulatory compliance, and third-party governance, this leader serves as the central authority for aligning disparate control environments into a cohesive, measurable, and defensible enterprise risk framework. The role requires executive-level influence, regulatory fluency, and the ability to drive consistency across a federated, acquisition-driven operating model.

Key Responsibilities

Enterprise Accountability & Regulatory Posture

• Own and maintain the enterprise-wide information security compliance posture across all operating entities, ensuring alignment with regulatory expectations and internal risk appetite.

• Establish a defensible, evidence-driven control environment capable of withstanding regulatory scrutiny across multiple jurisdictions.

• Serve as the authoritative leader for compliance strategy across MGAs and carrier entities with differing regulatory obligations.

Enterprise GRC Strategy & Architecture

• Design and implement a unified GRC operating model across multiple insurance entities with varying levels of maturity.

• Establish a control-centric framework leveraging NIST 800-53, ISO 27001, SOC 2, and PCI DSS.

• Transition the organization from periodic, interview-based assessments to continuous, evidence-driven compliance measurement.

• Define and operationalize KRIs, control effectiveness metrics, and executive reporting.

Regulatory & Audit Leadership

• Serve as the central point of accountability for regulatory readiness, including NYDFS, state insurance regulators, and international frameworks where applicable.

• Lead enterprise-wide audit strategy (SOC 2 Type II, ISO 27001, internal audits).

• Interface directly with regulators and external auditors to ensure consistent narratives, defensible controls, and successful audit outcomes.

• Drive enterprise remediation strategies with measurable timelines and executive accountability.

Third-Party Risk Management (TPRM)

• Build and scale a comprehensive TPRM program across the full vendor lifecycle.

• Establish risk tiering, due diligence, and continuous monitoring aligned with enterprise risk tolerance.

• Integrate TPRM into procurement, legal, and business operations to ensure consistent enforcement.

• Oversee risk acceptance and exception governance frameworks.

Operational Integration & Transformation

• Harmonize fragmented GRC practices across acquired entities into a centralized and scalable function.

• Drive automation strategy leveraging GRC platforms (AuditBoard, Drata, or equivalent) to enable real-time compliance visibility and evidence collection.

• Embed security, privacy, and identity governance into enterprise-wide control frameworks.

• Advance organizational maturity toward a “Security First” operating model.

Executive Engagement & Cross-Functional Collaboration

• Provide regular reporting to executive leadership and board-level stakeholders (e.g., Audit Committee, Risk Committee).

• Collaborate daily with the Chief Privacy Officer (CPO) and Chief Risk Officer (CRO) organizations to ensure alignment across privacy, enterprise risk management, and information security compliance.

• Translate complex regulatory and technical requirements into business-aligned decision frameworks.

• Influence enterprise investment decisions through quantified risk exposure and control effectiveness.

Leadership & Organizational Complexity

• Lead a multi-layered global GRC and TPRM organization, including:

o 4 senior GRC functional leaders

o A transversal offshore operations team

o A dedicated outsourced delivery pod (India-based) supporting scaled compliance and assessment activities

• Establish governance models, performance management, and operational rigor across distributed teams.

• Drive talent strategy, succession planning, and capability development aligned to enterprise scale.

Qualifications

Experience

• 12–15+ years of progressive experience in cybersecurity, risk management, compliance, or audit.

• 5–7+ years in senior leadership roles within insurance or highly regulated financial services environments (required).

• Proven success leading enterprise GRC and TPRM programs across complex, multi-entity organizations.

Professional Background

• Licensed attorney (JD) or Certified Public Accountant (CPA) strongly preferred, particularly with experience in regulatory interpretation, audit, or assurance.

• Background in external audit, internal audit, or regulatory advisory highly desirable.

• MBA or equivalent advanced business degree preferred.

Certifications (Preferred)

• CISSP (Certified Information Systems Security Professional)

• CISM (Certified Information Security Manager)

• CRISC (Certified in Risk and Information Systems Control)

• CISA (Certified Information Systems Auditor)

• CGRC (Certified in Governance, Risk and Compliance)

• CIA (Certified Internal Auditor)

• CIPP / CIPM (privacy certifications)

• ISO 27001 Lead Implementer or Lead Auditor

Expertise

• Deep knowledge of NIST 800-53, ISO 27001, SOC 2, PCI DSS, and regulatory regimes such as NYDFS.

• Strong command of third-party risk methodologies and vendor lifecycle governance.

• Experience implementing and scaling GRC tooling platforms.

• Ability to design and operationalize scalable, evidence-based control frameworks.

Leadership & Influence

• Executive presence with the ability to influence across Legal, Audit, Technology, Privacy, and Risk domains.

• Strong strategic and analytical thinking with the ability to translate risk into financial and operational impact.

• Exceptional communication skills, including board-level engagement.

Why This Role Matters

This role represents enterprise ownership of information security compliance and risk governance across a complex insurance ecosystem. It is critical to enabling regulatory confidence, integrating acquired entities, and ensuring that risk is managed as a measurable, accountable, and strategic business function.

  • In collaboration with Senior Leadership, designs, develops, and implements focused strategies.

  • Leads the development of programs that are critical to the organization and ensures execution of the function.

  • Provides advice and consultation to senior and executive management related to operational and/or strategic decisions and resolves critical issues.

  • Actively participates in the budget and goal setting process for the department.

  • Provides guidance, counseling, and continuing education opportunities to staff.  Selects, develops, coaches, mentors, and assesses performance of staff.

  • Provides guidance to consistently improve the processes of the area(s) of focus.

  • Develops, implements, and maintains administrative policies and procedures.

  • Provides leadership through influencing and directing the work of others to execute plans to meet strategic and operational objectives.

  • Performs other duties and responsibilities as assigned.

All of our jobs come with great benefits including healthcare, parental leave and opportunities for career advancements. Some offerings are dependent upon the location of where you work and can include the following:

  • Comprehensive full medical, dental and vision Insurance

  • Basic Life Insurance at no cost to the employee

  • Company paid short-term and long-term disability

  • 12 weeks of 100% paid Parental Leave

  • Health Savings Account (HSA)

  • Flexible Spending Accounts (FSA)

  • Retirement savings plan

  • Personal Paid Time Off

  • Paid holidays and company-wide Wellness Day off

  • Paid time off to volunteer at nonprofit organizations

  • Pet friendly office environment

  • Commuter Benefits

  • Group Pet Insurance

  • On the job training and skills development

  • Employee Assistance Program (EAP)

Interview Technology Notice:

Please note that phone and video interviews or screenings may be recorded and transcribed using interview technology to support our recruitment process.

By continuing with the interview, you consent to this use.

Text Messaging Notice:

If you provide a mobile phone number, you may receive job-related communications via text message. Message and data rates may apply.

You may opt out of text communications at any time by replying “STOP.”
