For more than 170 years, The Hanover has been committed to delivering on our promises and being there when it matters the most. We live our values every day, demonstrating we CARE through our values, ESG initiatives and IDE journey. Our Information Security team is seeking an AVP of Information Governance Risk Compliance (GRC) to join our growing team in our Worcester, MA office or in a remote work arrangement. This is a full-time, exempt position.
POSITION OVERVIEW:
The AVP of GRC, reporting directly to the Deputy Chief Information Security Officer, is responsible for establishing and maintaining the overall information security risk management program. This position will lead a team of information security risk management professionals responsible for identifying, evaluating, managing, and reporting on information security risks in a manner that meets The Hanover's internal, regulatory, and other compliance requirements. As a senior leader in the Information Security organization, this leader is part of the broader Hanover Technology Group (HTG) and will work proactively with peers in HTG, legal, procurement, risk management, compliance, business units, and other internal departments and organizations to implement practices that meet The Hanover's defined policies and standards for information risk management. The GRC team is responsible for providing oversight and governance of information security risk related activities and for ensuring management awareness through transparent reporting of our security risk and compliance posture.

IN THIS ROLE, YOU WILL:
- Provide management oversight and serve as the leadership point of contact for the Information Security Governance, Risk and Compliance (GRC) team.
- Take end-to-end ownership of information security owned programs and related teams, including security policies, vendor security assessment, compliance management, regulatory audits, metrics, risk and performance indicators, and security integration and assessment of M&A and related ventures.
- Be responsible for overall information security risk management using continuous self-assessments and executive reporting.
- Provide continuous input to the Deputy CISO and help measure the information security risk posture of The Hanover.
- Provide leadership and engage with the business to perform security assessments and ensure timely execution of projects and programs while mitigating any security risks.
- Identify, recommend, and, when applicable, execute appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
- Manage, operate, and oversee the third-party security assessment program and team; participate in the Third Party Risk Management steering committee.
- Continuously evaluate information security controls to ensure effectiveness, compliance and adherence to key controls and policies, and drive remediation efforts.
- Work closely with internal groups such as Human Resources, Enterprise Risk Management, Internal Audit, Privacy, Legal, and Compliance on matters of policy and risk management.
- Develop and improve KPIs, metrics, and trending.
- Mentor, coach and train security staff.
- Ensure the appropriate use of technology in support of the program.
- Enable management to deliver adequate and sustainable assurance in the enterprise by performing independent assurance reviews and activities.

WHAT YOU NEED TO APPLY:
- Bachelor's degree in a related field, specialized training, or equivalent work experience.
- 7+ years' experience directly related to information security governance, policy development and risk management, with 5+ years in leadership and/or program management.
- Demonstrated experience in managing an enterprise governance and risk management program.
- Track record of leading distributed teams and leading delivery of complex, multi-faceted technology assessment and compliance initiatives.
- Deep experience in understanding regulatory and industry standards such as PCI, SOX, GLBA, ISO standards, the NIST framework and SSAE, as well as hands-on experience with common governance and risk management frameworks, such as NIST 800-37, the COSO Integrated Framework, ISACA COBIT 5, etc.
- Hands-on leadership experience in authoring security policies, developing standards, and deploying GRC solutions to effectively manage and measure the information risk posture.
- Technically strong in understanding and solving complex information security challenges, with a track record of leading the delivery of complex, multi-faceted technology initiatives.
- Excellent communication and presentation skills, with demonstrated skill in presenting analytical data effectively to varied audiences including executive management.
- Proven ability to establish and sustain effective, professional relationships with product and business managers; work closely with business partners to understand business drivers and market requirements; and provide leadership to the technology group in order to create the right solutions for the market in the required time frames.
- Established track record of managing in a technically complex environment.
- Experience with a wide array of security platforms, protocols, tools, and technologies.
- CISM, CISSP, CGEIT, or CRISC certification, or demonstrated mastery of governance and risk management, desired.
- Experience with information security in Property & Casualty insurance is a plus.

CAREER DEVELOPMENT:
It's not just a job, it's a career, and we are here to support you every step of the way. We want you to be successful and fulfilled. Through on-the-job experiences, personalized coaching and our robust learning and development programs, we encourage you, at every level, to grow and develop.

BENEFITS:
We offer comprehensive benefits to help you be healthy, build financial security, and balance work and home life. At The Hanover, you'll enjoy what you do and have the support you need to succeed. Benefits include:
- Medical, dental, vision, life, and disability insurance
- 401K with a company match
- Tuition reimbursement
- PTO
- Company paid holidays
- Flexible work arrangements
- Cultural Awareness Day in support of IDE
- On-site medical/wellness center (Worcester only)

EEO STATEMENT:
The Hanover values diversity in the workplace and among our customers.
The company provides equal opportunity for employment and promotion to all qualified employees and applicants on the basis of experience, training, education, and ability to do the available work without regard to race, religion, color, age, sex/gender, sexual orientation, national origin, gender identity, disability, marital status, veteran status, genetic information, ancestry or any other status protected by law. Furthermore, The Hanover Insurance Group is committed to providing an equal opportunity workplace that is free of discrimination and harassment based on national origin, race, color, religion, gender, ancestry, age, sexual orientation, gender identity, disability, marital status, veteran status, genetic information or any other status protected by law. As an equal opportunity employer, Hanover does not discriminate against qualified individuals with disabilities. Individuals with disabilities who wish to request a reasonable accommodation to participate in the job application or interview process, or to perform essential job functions, should contact us at: and include the link of the job posting in which you are interested.

PRIVACY POLICY:
Our privacy policy and online privacy statement are available online. Applicants who are California residents: information about the types of information we may collect from applicants and employees, and how we use it, is also available online.

OTHER DETAILS:
Pay Type: Salary
Required Education: Bachelor's Degree