Deputy CISO

WHO WE ARE

Relation Insurance is a leading, innovative company with a strong commitment to excellence and a passion for delivering cutting-edge solutions to our clients. As a key player in the insurance market, we pride ourselves on our dynamic culture, collaborative environment, and continuous drive for success. With a rich history and a bright future ahead, we are looking for exceptional individuals to join our team and contribute to our ongoing growth and success.

WHAT WE'RE LOOKING FOR

The Deputy CISO, Governance, Risk & Compliance (GRC) is a senior security leader responsible for executing the organization's enterprise governance, risk, and compliance program end-to-end. The individual in this role operates with full responsibility and accountability for GRC outcomes, including successful audit completion, regulatory compliance, customer assurance, and third-party risk management.

The Deputy CISO, GRC serves as the primary security compliance authority for auditors, regulators, and customers and is expected to independently drive results, ensure completion of regulatory obligations, and maintain audit-ready security governance across the enterprise.

A GLIMPSE INTO YOUR DAY

• Leads and executes the enterprise governance, risk, and compliance program end-to-end.
• Operates across multiple regulatory frameworks simultaneously, ensuring successful delivery of compliance and risk outcomes.
• Serves as the primary point of contact for auditors, regulators, and customers on security and compliance matters.
• Represents the organization as the accountable security compliance leader in regulatory examinations, customer diligence reviews, and external assurance engagements.
• Leads enterprise audit and regulatory readiness through gap analysis, control design, policy development, evidence collection, and timely remediation closure, ensuring successful audit completion across SOC 1, SOC 2, NYDFS Part 500, HIPAA, and GDPR.
• Ensures timely closure of audit findings and remediation of control gaps through completion.
• Responsible for writing, maintaining, and enforcing all security and compliance policies, standards, and procedures.
• Retains ownership of control intent, rationale, and narrative consistency across audits, regulators, and customer engagements.
• Performs security and privacy risk assessments, control testing, and remediation tracking through completion.
• Responsible for maintaining enterprise data mapping, documenting data flows, systems, and third-party processors.
• Leads vendor privacy and security risk assessments involving regulated and personal data.
• Partners with legal and business stakeholders to ensure privacy governance requirements are met.
• Responsible for the enterprise third-party risk management program, including vendor assessments, monitoring, and remediation follow-through.
• Independently completes customer security questionnaires (SIG, CAIQ, and custom SAQs) and provides security narrative responses for RFPs and customer due diligence inquiries.
• Independently develops accurate, clear, and consistent security narratives grounded in sustained understanding of the organization's technical and risk environment, without repeated reliance on technical or engineering resources.
• Partners with IT, Engineering, Legal, Privacy, Risk, and business leadership to obtain evidence and implement controls, while retaining accountability for control interpretation and compliance outcomes.
• Provides executive-ready reporting on audit status, compliance posture, remediation progress, and enterprise risk.
• Leverages AI-assisted tools and automation to improve efficiency, consistency, and scale across GRC execution, while exercising sound judgment in regulated and confidential environments.
• Continuously identifies opportunities to streamline GRC processes through tooling, automation, and workflow optimization.
• Performs other projects, duties, and tasks, as assigned.

WHAT SUCCESS LOOKS LIKE IN THIS ROLE

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity or other related field. Master's degree in Cybersecurity or Information Systems preferred.
• Minimum 8 years of progressively responsible experience in…