Chief Information Security Officer (CISO)

First American, Santa Ana, CA
6d

About The Position

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for ten consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

The Chief Information Security Officer (CISO) reports directly to the Chief Risk Officer and serves as the senior-most authority for enterprise cybersecurity, cyber risk governance, and operational resilience across a highly regulated financial services enterprise.

What You'll Do

This executive will architect and lead a forward-looking, enterprise-wide security strategy designed to protect the confidentiality, integrity, and availability of corporate and client information assets. The mandate encompasses network security, endpoint and EDR capabilities, hybrid and multi-cloud security, identity and privileged access management, application security and DevSecOps integration, governance and compliance, vulnerability management, security engineering, and 24x7 Security Operations.

This role is both strategic and operational - responsible for defining multi-year Zero Trust architecture evolution while ensuring measurable improvements in threat detection, incident response, regulatory compliance, and enterprise resilience. Security strategy must be deeply embedded within enterprise modernization, digital transformation, and cloud initiatives.

The CISO will transition the organization from perimeter-centric defenses toward identity-centric and least-privilege models, strengthen privileged access governance, advance micro-segmentation, and implement continuous verification principles aligned to NIST CSF, ISO 27001, FFIEC, NYDFS, NAIC, HIPAA, PCI, FISMA, and SOX requirements.

The CISO serves as executive leader during material cyber events, coordinating cross-functional crisis response across Legal, Risk, Compliance, Communications, and Business Operations. Regular tabletop exercises, resilience simulations, and regulatory examination leadership are core components of the role.

Requirements

  • The ideal candidate will bring 15+ years of progressive cybersecurity leadership experience.
  • Ideally, the new CISO will have experience operating within a regulated industry such as insurance or financial services. Experience from other complex and regulated industries will also be considered.
  • Experience leading organizations of 100+ cybersecurity professionals.
  • Proven oversight of 24x7 Security Operations Centers and cyber defense teams.
  • Deep expertise in Zero Trust architecture and identity-driven security frameworks.
  • Strong regulatory fluency across insurance and financial services control environments.
  • Executive-level crisis leadership during significant cyber incidents.
  • Board-level communication presence and risk articulation capability.
  • Innate curiosity, able to see around corners, motivated by the desire to “know what we don’t yet know”.
  • Anticipates risk and responds with proactive layered approaches to security.
  • An influencer – one who leads and empowers people, creates followership, builds connections, removes roadblocks, and acts as an advocate for their team.
  • Facilitates change management – continuously improving outcomes.
  • An iterative and complex thinker, comfortable with ambiguity, with an informal and high-influence leadership style.
  • An analytical and financially minded executive who operates within a framework that utilizes well-defined metrics, scorecards, OKRs and KPIs.
  • An “in-the-trenches” and “hands-on” executive who can immerse themselves in the technology when needed and is a continuous student of the business and industry.
  • Proven management and organizational skills working in a fast-paced and high growth environment; experience scaling a company in a dynamic environment.
  • A team builder, capable of recruiting talent and developing high potential talent to their full potential.
  • Models the company’s core principles and values with credibility.
  • Understands the company’s history, current business, and future goals.
  • A strong leader that balances empathy with determination, defending their position/strategic direction while considering the position of others.
  • Steady handed – operates from a state of balance and is unflappable.
  • A visible and engaging leader who engenders purpose, inspires alignment to support a vision and creates followership.
  • A leader who focuses not only on relentless execution to a strategy but also on the development of a team of people who enable the company to achieve these ends – this executive will be an inspirational leader and effective at developing people to reach their full potential.
  • An executive with considerable experience leading transformational change and continuous innovation.
  • Strong partnership and collaborative style with outstanding communication skills - written, verbal and presentation. Engaging, informative, brief, to the point.
  • Able to thrive and lever opportunities derived from being a member of a dynamic, highly collaborative executive team where organizational reporting structure and hierarchy do not dictate effectiveness or ability to have impact.
  • Fast mover, nimble and decisive with a demonstrated entrepreneurial approach to business process, balancing control with flexibility, procedure with simplicity, and willingness to innovate and change while creating an environment of rigor and discipline.
  • Adept at navigating a complex matrix organization that collaborates to realize big picture objectives.
  • Effective at building cross-business-unit rapport and partnerships in order to drive broader, deeper and more impactful relationships with large enterprise accounts.
  • Culturally conscious and able to lead, influence and partner across all First American business lines on a global basis.
  • Balances high levels of personal initiative and drive with poise, maturity, flexibility, and patience.
  • Effects change through determination and professional influence.
  • Demonstrated agility learned from working in both large and complex organizations as well as smaller, earlier stage and growth-oriented companies.
  • Able to apply learnings situationally to ensure that people, process and technology decisions are nimble, adaptable but also represent responsible levels of rigor.

Nice To Haves

  • Relevant cybersecurity certifications such as CISSP, CISM, or CRISC are strongly preferred.
  • The successful candidate should hold an undergraduate degree from an accredited institution; an applicable master’s degree or an MBA is highly desirable.

Responsibilities

  • Establish and execute a multi-year Zero Trust architecture roadmap.
  • Enhance identity-centric controls and least-privilege governance.
  • Drive measurable improvements in MTTD and MTTR across Security Operations.
  • Elevate regulatory defensibility and audit readiness.
  • Embed security architecture within enterprise cloud and digital transformation initiatives.
  • Strengthen business continuity, disaster recovery, and cyber resilience posture.
  • Build leadership depth and high-performance culture across the cybersecurity organization.

Benefits

  • First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.