Established in 2021, Independence Pet Holdings is a corporate holding company that manages a diverse and broad portfolio of modern pet health brands and services, including insurance, pet education, lost recovery services, and more throughout North America.
We believe pet insurance is more than a financial product and build solutions to simplify the pet parenting journey and help improve the well-being of pets. As a leading authority in the pet category, we operate with a full stack of resources, capital, and services to support pet parents. Our multi-brand and omni-channel approach includes our own insurance carrier, insurance brands and partner brands.
Director, Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM)
Location: Chicago, IL (Hybrid)
Reports To: Chief Information Security Officer (CISO)
Position Overview
The Senior Director of Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) is an
enterprise leadership role accountable for the design, implementation, and continuous maturation of a unified
risk and compliance program across a $2.5 billion insurance holding company.
This position holds end-to-end accountability for the information security compliance posture of an
organization comprised of 12 Managing General Agencies (MGAs) and 2 insurance carriers, operating
within a complex and highly regulated environment.
Operating at the intersection of cybersecurity, regulatory compliance, and third-party governance, this leader
serves as the central authority for aligning disparate control environments into a cohesive, measurable, and
defensible enterprise risk framework. The role requires executive-level influence, regulatory fluency, and the
ability to drive consistency across a federated, acquisition-driven operating model.
Key Responsibilities
Enterprise Accountability & Regulatory Posture
• Own and maintain the enterprise-wide information security compliance posture across all
operating entities, ensuring alignment with regulatory expectations and internal risk appetite.
• Establish a defensible, evidence-driven control environment capable of withstanding regulatory
scrutiny across multiple jurisdictions.
• Serve as the authoritative leader for compliance strategy across MGAs and carrier entities with differing
regulatory obligations.
Enterprise GRC Strategy & Architecture
• Design and implement a unified GRC operating model across multiple insurance entities with varying
levels of maturity.
• Establish a control-centric framework leveraging NIST 800-53, ISO 27001, SOC 2, and PCI DSS.
• Transition the organization from periodic, interview-based assessments to continuous, evidence-driven
compliance measurement.
• Define and operationalize KRIs, control effectiveness metrics, and executive reporting.
Regulatory & Audit Leadership
• Serve as the central point of accountability for regulatory readiness, including NYDFS, state insurance
regulators, and international frameworks where applicable.
• Lead enterprise-wide audit strategy (SOC 2 Type II, ISO 27001, internal audits).
• Interface directly with regulators and external auditors to ensure consistent narratives, defensible
controls, and successful audit outcomes.
• Drive enterprise remediation strategies with measurable timelines and executive accountability.
Third-Party Risk Management (TPRM)
• Build and scale a comprehensive TPRM program across the full vendor lifecycle.
• Establish risk tiering, due diligence, and continuous monitoring aligned with enterprise risk tolerance.
• Integrate TPRM into procurement, legal, and business operations to ensure consistent enforcement.
• Oversee risk acceptance and exception governance frameworks.
Operational Integration & Transformation
• Harmonize fragmented GRC practices across acquired entities into a centralized and scalable function.
• Drive automation strategy leveraging GRC platforms (AuditBoard, Drata, or equivalent) to enable
real-time compliance visibility and evidence collection.
• Embed security, privacy, and identity governance into enterprise-wide control frameworks.
• Advance organizational maturity toward a “Security First” operating model.
Executive Engagement & Cross-Functional Collaboration
• Provide regular reporting to executive leadership and board-level stakeholders (e.g., Audit Committee,
Risk Committee).
• Collaborate daily with the Chief Privacy Officer (CPO) and Chief Risk Officer (CRO) organizations
to ensure alignment across privacy, enterprise risk management, and information security compliance.
• Translate complex regulatory and technical requirements into business-aligned decision frameworks.
• Influence enterprise investment decisions through quantified risk exposure and control effectiveness.
Leadership & Organizational Complexity
• Lead a multi-layered global GRC and TPRM organization, including:
o 4 senior GRC functional leaders
o A transversal offshore operations team
o A dedicated outsourced delivery pod (India-based) supporting scaled compliance and
assessment activities
• Establish governance models, performance management, and operational rigor across distributed
teams.
• Drive talent strategy, succession planning, and capability development aligned to enterprise scale.
Qualifications
Experience
• 12–15+ years of progressive experience in cybersecurity, risk management, compliance, or audit.
• 5–7+ years in senior leadership roles within insurance or highly regulated financial services
environments (required).
• Proven success leading enterprise GRC and TPRM programs across complex, multi-entity organizations.
Professional Background
• Licensed attorney (JD) or Certified Public Accountant (CPA) strongly preferred, particularly with
experience in regulatory interpretation, audit, or assurance.
• Background in external audit, internal audit, or regulatory advisory highly desirable.
• MBA or equivalent advanced business degree preferred.
Certifications (Preferred)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)
• CGRC (Certified in Governance, Risk and Compliance)
• CIA (Certified Internal Auditor)
• CIPP / CIPM (privacy certifications)
• ISO 27001 Lead Implementer or Lead Auditor
Expertise
• Deep knowledge of NIST 800-53, ISO 27001, SOC 2, PCI DSS, and regulatory regimes such as NYDFS.
• Strong command of third-party risk methodologies and vendor lifecycle governance.
• Experience implementing and scaling GRC tooling platforms.
• Ability to design and operationalize scalable, evidence-based control frameworks.
Leadership & Influence
• Executive presence with the ability to influence across Legal, Audit, Technology, Privacy, and Risk
domains.
• Strong strategic and analytical thinking with the ability to translate risk into financial and operational
impact.
• Exceptional communication skills, including board-level engagement.
Why This Role Matters
This role represents enterprise ownership of information security compliance and risk governance across a
complex insurance ecosystem. It is critical to enabling regulatory confidence, integrating acquired entities, and
ensuring that risk is managed as a measurable, accountable, and strategic business function.
In collaboration with Senior Leadership, designs, develops, and implements focused strategies.
Leads the development of programs that are critical to the organization and ensures execution of the function.
Provides advice and consultation to senior and executive management related to operational and/or strategic decisions and resolves critical issues.
Actively participates in the budget and goal setting process for the department.
Provides guidance, counseling, and continuing education opportunities to staff. Selects, develops, coaches, mentors, and assesses performance of staff.
Provides guidance to consistently improve the processes of the area(s) of focus.
Develops, implements, and maintains administrative policies and procedures.
Provides leadership through influencing and directing the work of others to execute plans to meet strategic and operational objectives.
Performs other duties and responsibilities as assigned.
All of our jobs come with great benefits including healthcare, parental leave and opportunities for career advancement. Some offerings depend on the location where you work and can include the following:
Comprehensive full medical, dental and vision Insurance
Basic Life Insurance at no cost to the employee
Company paid short-term and long-term disability
12 weeks of 100% paid Parental Leave
Health Savings Account (HSA)
Flexible Spending Accounts (FSA)
Retirement savings plan
Personal Paid Time Off
Paid holidays and company-wide Wellness Day off
Paid time off to volunteer at nonprofit organizations
Pet friendly office environment
Commuter Benefits
Group Pet Insurance
On the job training and skills development
Employee Assistance Program (EAP)
Interview Technology Notice:
Please note that phone and video interviews or screenings may be recorded and transcribed using interview technology to support our recruitment process.
By continuing with the interview, you consent to this use.
Text Messaging Notice:
If you provide a mobile phone number, you may receive job-related communications via text message. Message and data rates may apply.
You may opt out of text communications at any time by replying “STOP.”