
Director, IT Cybersecurity Governance, Risk and Compliance (GRC)

Crawford & Co.
Full-time
On-site
United States






Excellence In Everything We Touch














Position Summary






The Director, IT Cybersecurity Governance, Risk and Compliance (GRC) will lead the cybersecurity risk and compliance process, ensuring compliance with industry regulatory standards and providing regular updates on the status of compliance. The Director, GRC will assist the CISO in identifying and assessing cybersecurity threats and risks, their severity, and mitigations. This leader will be responsible for working with IT and business owners on the implementation, execution, and compliance with the NIST Cybersecurity Framework and other industry standards.


The Director, GRC will also lead the Third-Party Risk Management and Security Awareness programs for the Information Security Department, including developing key metrics and reporting them to the leadership team.


The individual will be an integral part of the CISO Organization reporting to the Company’s Chief Information Security Officer and will regularly interact with Legal, Privacy, Audit, Enterprise Risk Management, and IT leadership teams.









Responsibilities






  • Develop and drive implementation of IT Cybersecurity GRC Roadmap
  • Continuously improve and oversee enterprise-wide cybersecurity policies, standards, and compliance programs
  • In collaboration with Crawford’s Enterprise Risk Management, Privacy, Internal Audit, Legal, Business, and IT teams, identify, assess, and manage cybersecurity threats and risks
  • Ensure compliance with the cybersecurity rules and requirements of NYDFS, SEC, and other relevant regulations in areas where Crawford operates
  • Monitor for changes to cybersecurity regulatory requirements or standards over internal control and implement modifications to the Company’s IT internal control structure, as required
  • Develop key cybersecurity risk indicators and regularly report on the status of remediation activities
  • Develop objectives for the cybersecurity awareness and training program and conduct annual cybersecurity management and incident training for employees
  • Conduct regular phishing email simulations for employees and contractors to enhance awareness and provide monthly reports on the program status
  • Provide training and development opportunities to Crawford employees to support compliance with established processes and controls
  • Provide direction and own the process to ensure appropriate cybersecurity risk management oversight occurs for third parties and ensure compliance with cyber regulations
  • Build strong working relationships with boundary partners to enhance collaboration, consult and provide guidance on third-party risk reduction
  • Mentor and manage a team of people








Requirements






  • Bachelor's degree in computer science (preferred), information assurance, MIS, or related field, or equivalent.
  • Minimum 8 years of progressive experience in cybersecurity risk management and compliance
  • Expected to hold one or more certifications relevant to the position, such as Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC)
  • Experience with and a strong understanding of regulatory requirements relating to cybersecurity risk management
  • Experience in managing end-to-end third-party cybersecurity risks including onboarding, periodic reviews and oversight, auditing, and offboarding
  • Working knowledge of or proficiency with cybersecurity regulations: NYDFS, SEC, NIST Cybersecurity Framework, ISO 27001, ISAE 3000, ISAE 3402, SOC 2 Type 2
  • Experience with leading and managing a team of people
  • IT Security or Audit (e.g., CISA, CISM, CRISC, CISSP) certification required
  • Excellent leadership and relationship-building skills
  • Effective communication, collaboration, and presentation skills








About Us






Why Crawford?

 

Because a claim is more than a number — it’s a person, a child, a friend. It’s anyone who looks to Crawford on their worst days. And by helping to restore their lives, we are helping to restore our community – one claim at a time.

 

At Crawford, employees are empowered to grow, emboldened to act and inspired to innovate. Our industry-leading team pioneers new solutions for the industries and customers we serve. We’re looking for the next generation of leaders to take this journey with us.

 

We hail from more than 70 countries and speak dozens of languages, reflecting the global fabric of the audience we serve. Though our reach is vast, we proudly operate as One Crawford: united in purpose, vision and values. Learn more at www.crawco.com.

 

When you accept a job with Crawford, you become a part of the One Crawford family. 

 

Our total compensation plans provide each of our employees with far more than just a great salary:
  • Pay and incentive plans that recognize performance excellence
  • Benefit programs that empower financial, physical, and mental wellness
  • Training programs that promote continuous learning and career progression while enhancing job performance
  • Sustainability programs that give back to the communities in which we live and work
  • A culture of respect, collaboration, entrepreneurial spirit and inclusion

 

Crawford & Company participates in E-Verify and is an Equal Opportunity Employer. M/F/D/V. Crawford & Company is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at Crawford via email, the Internet or in any form and/or method without a valid written Statement of Work in place for this position from Crawford HR/Recruitment will be deemed the sole property of Crawford. No fee will be paid in the event the candidate is hired by Crawford as a result of the referral or through other means.

 
