Information Security GRC Program Senior Manager

Location(s)

Chicago, Illinois, Downers Grove, Illinois

Details

Kemper is one of the nation’s leading specialized insurers. Our success is a direct reflection of the talented and diverse people who make a positive difference in the lives of our customers every day. We believe a high-performing culture, valuable opportunities for personal development and professional challenge, and a healthy work-life balance can be highly motivating and productive. Kemper’s products and services are making a real difference to our customers, who have unique and evolving needs. By joining our team, you are helping to provide an experience to our stakeholders that delivers on our promises.

The Information Security GRC Program Senior Manager, reporting to the CISO, leads a team that designs and operates the enterprise security risk and control framework. The role translates regulatory and business requirements into measurable controls, validates control effectiveness through testing and evidence, and drives remediation and risk treatment decisions—ensuring leadership has a clear, defensible view of risk posture and the program remains continuously audit- and exam-ready.

Job Summary
The Information Security GRC Program Senior Manager leads the enterprise governance, risk, and compliance (GRC) function within the Information Security Program and manages a team responsible for control governance, audit/exam readiness, risk assessments, and remediation execution tracking. This role establishes a sustainable, repeatable control environment by operating the policy/control lifecycle, coordinating internal/external audits and regulatory exams, driving cross-functional accountability for remediation, and delivering executive-ready reporting to the CISO, ELT, and Risk Committees.

Key Responsibilities

Program Leadership & People Management

• Lead, coach, and develop a team of GRC professionals; set goals, performance expectations, and development plans aligned to program outcomes.
• Establish operating rhythms, playbooks, and quality standards for control documentation, testing/validation, evidence management, and reporting.
• Manage team capacity and prioritization against enterprise commitments (audits, exams, strategic initiatives, remediation).

Governance & Control Oversight

• Own the Information Security GRC operating model, including control governance, control testing/validation cadence, evidence management, and exception management.
• Maintain and mature the security control framework and control library; ensure alignment to applicable regulatory and contractual requirements (e.g., insurance regulators, NYDFS, SOX ITGCs, Bermuda Cyber Code of Conduct, PCI DSS, privacy/security obligations).
• Govern the policy lifecycle (reviews, approvals, publication, training/attestation inputs, and adoption tracking) and ensure alignment between policy, standards, and procedures.

Audit, Exam & Assurance Management

• Serve as the senior security lead for internal/external audits, regulatory exams, and assurance activities.
• Coordinate evidence collection, response narratives, and stakeholder alignment; ensure timely delivery and consistency across requests.
• Own the lifecycle of audit/exam issues: intake, triage, assignment, remediation plans, due dates, escalation, validation, and closure.

Issue & Remediation Governance

• Drive remediation governance for security findings, control gaps, and formal commitments; monitor execution and remove blockers through structured escalation.
• Validate remediation completion and evidence quality prior to closure; reduce repeat findings by ensuring root causes are addressed.

Metrics, Reporting & Executive Communication

• Develop and maintain KPIs/KRIs and executive-ready reporting on control health, audit readiness, open issues, remediation status, and program maturity.
• Present decision-grade updates to the CISO and governance forums; support Board/Risk Committee reporting with clear themes, trends, and required decisions.

Required Qualifications

• Bachelor’s degree in Information Security, Risk Management, Business, IT, or a related field (or equivalent experience).
• 8+ years of progressive experience in information security governance, risk, compliance, audit, or related disciplines.
• 3+ years of people management experience (direct reports) with demonstrated ability to build, coach, and scale a high-performing team.
• Demonstrated success leading cross-functional programs and driving accountability without direct authority.
• Strong understanding of security governance and control frameworks (e.g., NIST CSF, ISO 27001, CIS Controls) and experience mapping controls to regulatory obligations.
• Proven experience managing audits/regulatory exams, evidence, control testing/validation, and issue remediation governance.
• Excellent written and verbal communication skills; ability to translate control and compliance topics into business risk and outcomes.

Preferred Qualifications

• Experience in financial services and/or insurance regulatory environments.
• Familiarity with NYDFS cybersecurity regulation, PCI DSS, and privacy/security requirements applicable to customer data.
• Certifications: CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Lead Auditor, or similar.
• Experience implementing or operating GRC tooling and building KPI/KRI dashboards.

Core Competencies

• Strategic program leadership with strong execution discipline
• Team leadership, coaching, and performance management
• Control design and operating effectiveness validation
• Audit/exam management and remediation governance
• Executive-ready communication and influencing skills
• High standards for documentation and evidence quality
• Risk-based prioritization and pragmatic decision support

Working Relationships

• Internal partners: Technology/IT Operations, Engineering/Application teams, Risk/ERM, Compliance, Legal/Privacy, Internal Audit, Procurement/TPRM, and business leadership.
• External partners: Auditors, regulators/examiners, and third-party service providers (as needed).

This position works at one of our Kemper locations in a hybrid capacity.

The base range for this position is $99,000 to $164,800. When determining candidate offers, we consider experience, skills, education, certifications, and geographic location among other factors. This job is eligible for an annual discretionary bonus, equity, and Kemper benefits (Medical, Dental, Vision, PTO, 401k, etc.)

Kemper is proud to be an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, disability status or any other status protected by the laws or regulations in the locations where we operate. We are committed to supporting diversity and equality across our organization and we work diligently to maintain a workplace free from discrimination.

Kemper does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Kemper and Kemper will not be obligated to pay a placement fee.

Kemper will never request personal information, such as your social security number or banking information, via text or email. Additionally, Kemper does not use external messaging applications like WireApp or Skype to communicate with candidates. If you receive such a message, delete it.

#LI-AK