Manager - Information Security

Church Mutual Insurance Company, S.I.

About The Position

The Information Security Manager is accountable for operationalizing the organization’s information security program and translating security strategy into implemented controls, measurable outcomes, and continuous risk reduction. This role manages assigned resources to protect CM Group information assets, support regulatory compliance, and embed security into technology operations and delivery. The position leads the implementation, execution, and governance of information security operations across the CIS Critical Security Controls and the NIST Cybersecurity Framework for the CM Group enterprise.

Requirements

  • Bachelor’s degree or equivalent experience.
  • 10+ years IT experience; 3+ years IT management experience.
  • Experience with security frameworks (NIST, CIS, ISO).

Nice To Haves

  • Insurance industry experience.
  • Experience leading IT leaders.
  • Security certifications (CISSP, CISM, CISA, GIAC).

Responsibilities

  • Staffing, onboarding, coaching, performance management, and workforce planning.
  • Budget participation and service delivery accountability.
  • Lead and assign resources within IT to support business objectives.
  • Own the team’s performance and its effects on IT and the business. Share plans and strategies to keep staff motivated and engaged.
  • Lead through collaboration, partnering, and clear decision making. Provide leadership and guidance to individual contributors.
  • Keep senior IT management informed on problem status, risk, and business satisfaction. Regularly report on information security program performance, including key metrics such as vulnerability remediation SLAs, incident response times, and security awareness effectiveness. Escalate major incidents to senior IT management and provide monthly reports for the CISO and Board of Directors.
  • Establish risk identification, prioritization, and reporting aligned to business impact.
  • Govern policy lifecycle management and compliance oversight.
  • Ensure the approval and publication of information security policies and practices.
  • Work with compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy laws.
  • Implement and govern secure configuration standards, IAM governance, SDLC security integration, and awareness training.
  • Ensure the effective acquisition, deployment, and integration of information technology solutions, with the flexibility to meet changing business needs.
  • Create and manage a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of that training for each audience.
  • Working with the CISO, develop and drive an information security vision and strategy that is aligned to organizational priorities and enables the organization’s business objectives, and secure senior stakeholder buy-in and mandate.
  • Logging, monitoring, vulnerability scanning, remediation SLAs, and escalation.
  • Conduct vulnerability scanning, facilitate the vulnerability management process, and escalate as required for critical vulnerabilities and threats.
  • Drive alignment and results across IT teams to ensure the vulnerability management program is effective.
  • Incident response planning, exercises, post-incident improvement, and cyber recovery leadership.
  • Provide strategic leadership to ensure incident response activities are coordinated with privacy, risk management, compliance, and business continuity objectives.
  • Vendor security due diligence, contract reviews, and risk mitigation.
  • Oversee technology dependencies outside of direct organizational control, including reviewing contracts and creating alternatives for managing risk.
  • Security KPIs, executive reporting, and continuous control improvement.
  • Establish security metrics, track the progress of the Corporate Information Security Program, and coordinate with other corporate governance and risk entities.
  • Establish and document information security standards in the PMLC and SDLC processes and provide appropriate review of projects to assess information security policies, practices, and guidelines.
© 2024 Teal Labs, Inc