Job Information
Crawford & Company Director, IT Cybersecurity Governance, Risk and Compliance (GRC) in United States
Excellence In Everything We Touch
Position Summary
The Director, IT Cybersecurity Governance, Risk and Compliance (GRC) will lead the cybersecurity risk and compliance process, ensuring compliance with industry regulatory standards and providing regular updates on the status of compliance. The Director, GRC will assist the CISO in identifying and assessing cybersecurity threats and risks, their severity, and mitigations. This leader will be responsible for working with IT and business owners on the implementation, execution, and compliance with the NIST Cybersecurity Framework and other industry standards.
The Director, GRC will also lead for the Information Security Department the Third-Party Risk Management and Security Awareness programs including developing key metrics and reporting them to the leadership team.
The individual will be an integral part of the CISO Organization reporting to the Company’s Chief Information Security Officer and will regularly interact with Legal, Privacy, Audit, Enterprise Risk Management, and IT leadership teams.
Responsibilities
Develop and drive implementation of IT Cybersecurity GRC Roadmap
Continuously improve and oversee enterprise-wide cybersecurity policies, standards, and compliance programs
In collaboration with Crawford’s Enterprise Risk Management, Privacy, Internal Audit, Legal, Business, and IT teams; identify, assess, and manage cybersecurity threats and risks
Ensure compliance with the cybersecurity rules and requirements of NYDFS, SEC, and other relevant regulations in areas where Crawford operates
Monitor for changes to cybersecurity regulatory requirements or standards over internal control and implement modifications to the Company’s IT internal control structure, as required
Develop key cybersecurity risk indicators and regularly report on the status of remediation activities
Develop objectives for the cybersecurity awareness and training program and conduct annual cybersecurity management and incident training for employees
Conduct regular phishing email simulations for employees and contractors to enhance awareness and provide monthly reports on the program status
Provide training and development opportunities to Crawford employees to support compliance with established processes and controls
Provide direction and own the process to ensure appropriate cybersecurity risk management oversight occurs for third parties and ensure compliance with cyber regulations
Build strong working relationships with boundary partners to enhance collaboration, consult and provide guidance on third-party risk reduction
Mentor and manage a team of people
Requirements
Bachelor's degree in computer science (preferred), information assurance, MIS, or related field, or equivalent.
Minimum 8 years of progressive experience in cybersecurity risk management and compliance
Expected to hold one or more certifications relevant to the position, such as Certified Information Systems Auditor (CISA) certification, Certified in Risk and Information Systems Control (CRISC)
Experience and a strong understanding of regulatory requirements relating to Cybersecurity risk management
Experience in managing end-to-end third-party cybersecurity risks including onboarding, periodic reviews and oversight, auditing, and offboarding
Working knowledge or Proficiency with:
Cybersecurity regulations – NYDFS, SEC, NIST - Cybersecurity Framework, ISO 27001, ISAE 3000, ISAE 3402, SOC 2 Type 2
Experience with leading and managing a team of people
IT Security or Audit (e.g., CISA, CISM, CRISC, CISSP) certification required
Excellent leadership and relationship-building skills
Effective communication, collaboration, and presentation skills
About Us
Why Crawford?
Because a claim is more than a number — it’s a person, a child, a friend. It’s anyone who looks to Crawford on their worst days. And by helping to restore their lives, we are helping to restore our community – one claim at a time.
At Crawford, employees are empowered to grow, emboldened to act and inspired to innovate. Our industry-leading team pioneers new solutions for the industries and customers we serve. We’re looking for the next generation of leaders to take this journey with us.
We hail from more than 70 countries and speak dozens of languages, reflecting the global fabric of the audience we serve. Though our reach is vast, we proudly operate as One Crawford: united in purpose, vision and values. Learn more at www.crawco.com.
When you accept a job with Crawford, you become a part of the One Crawford family.
Our total compensation plans provide each of our employees with far more than just a great salary
Pay and incentive plans that recognize performance excellence
Benefit programs that empower financial, physical, and mental wellness
Training programs that promote continuous learning and career progression while enhancing job performance
Sustainability programs (https://www.crawco.com/about/social-responsibility) that give back to the communities in which we live and work
A culture of respect, collaboration, entrepreneurial spirit and inclusion
Crawford & Company participates in E-Verify and is an Equal Opportunity Employer. M/F/D/V Crawford & Company is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at Crawford via-email, the Internet or in any form and/or method without a valid written Statement of Work in place for this position from Crawford HR/Recruitment will be deemed the sole property of Crawford. No fee will be paid in the event the candidate is hired by Crawford as a result of the referral or through other means.
#LI-IP1
Posted Date2 days ago(5/1/2024 8:34 AM)
Requisition ID2024-24551
Job LocationsUS
Position TypeRegular Full-Time
CategoryInformation Technology
Business UnitShared Services