Assistant Director, Cyber GRC jobs in United States

Principal Financial Group · 16 hours ago

Assistant Director, Cyber GRC

Principal Financial Group is seeking an experienced Assistant Director of Cyber GRC to join their Information Security and Risk GRC team. The role involves leading cybersecurity regulatory compliance activities, engaging with regulators, and translating regulatory requirements into practical security controls while partnering with various teams to enhance compliance and security posture.

Financial Services, Insurance
No H1B sponsorship; U.S. Citizen Only

Responsibilities

Design a global cybersecurity assurance program, including control gap assessments, control testing, evidence management, and continuous monitoring
Evaluate control effectiveness and recommend process or tooling improvements that increase efficiency and coverage
Monitor and interpret changes in global cybersecurity laws, regulations, and standards (e.g., NIST, SOX, SOC, GDPR, HIPAA)
Translate regulatory requirements into actionable security controls, metrics, and framework mappings
Support control design enhancements to address regulatory expectations and emerging risks
Support readiness for regulatory exams, audits, and third‑party assessments
Participate in audits, coordinate responses to inquiries, and track remediation activities
Partner with IT, Legal, Risk, Compliance, and Audit teams to align cybersecurity controls with regulatory obligations
Provide subject‑matter guidance on GRC best practices and control design
Provide training and awareness on regulatory compliance topics, as needed
Develop and maintain reporting on control posture, findings, and remediation progress
Communicate regulatory changes, risks, and control insights to leadership

Qualifications

Cybersecurity regulatory compliance, NIST CSF, NIST SP 800-53, Stakeholder management, Professional certifications, Cybersecurity assurance program, Diplomacy, Technical consulting, Written communication, Verbal communication

Required

Bachelor's degree in information security, cybersecurity, law, or a related field or equivalent experience
8+ years of experience in cybersecurity, information risk, or IT compliance
Direct, hands-on experience engaging with regulators (e.g., scoping exams, responding to information requests, and/or presenting to examiners)
Proven experience with regulatory frameworks and standards such as NIST CSF and NIST SP 800-53, SOX, SOC reporting, GDPR, and HIPAA
Exceptional written and verbal communication skills with an ability to brief executives and regulators with clarity and confidence
Strong stakeholder management experience with the ability to influence cross-functional teams and drive accountability without direct authority

Preferred

Experience designing a cybersecurity assurance program in a regulated industry (e.g., finance, insurance, government)
Professional certifications such as CISA, CISM, CGRC, CRISC, or CISSP
Familiarity with risk management methodologies and tools
Diplomacy and professionalism in high-stakes discussions
Ability to consult on technical controls

Benefits

Flexible Time Off (FTO) is provided to salaried (exempt) employees and provides the opportunity to take time away from the office with pay for vacation, personal or short-term illness.
Pension Eligible

Company

Principal Financial Group

Principal Financial Group® is dedicated to improving the wealth and well-being of people and businesses around the world—helping more than 62M customers plan, protect, invest, and retire as of December 31, 2023.

Funding

Current Stage
Late Stage

Leadership Team

Dan Houston
President and CEO
Liliana (Lil) Waters, CPA, FLMI
CFO – US Distribution
Company data provided by crunchbase