Business Information Security Officer

About The Position

Requirements

• 10+ years of experience in information security, cybersecurity, technology risk, or enterprise technology leadership roles.
• Experience working within complex, federated, or multi-business-unit organizations.
• Demonstrated success partnering with senior technology and business leaders to drive security transformation, operational improvements, and risk reduction.
• Strong knowledge of enterprise security frameworks, vulnerability management, remediation practices, security architecture, and operational risk management.
• Comfortable influencing enterprise governance, technology prioritization, and strategic investment decisions.
• Familiarity with cloud technologies, infrastructure security, application security, identity and access management, and cyber resilience practices.
• Bachelor’s degree in Information Security, Computer Science, Information Technology, Engineering, or a related field required.

Nice To Haves

• Experience within insurance, financial services, or another highly regulated industry.
• Experience leading or building security engineering, remediation, or security operations functions.
• Experience working with PMO, enterprise architecture, and governance organizations.
• Familiarity with secure-by-design practices and modern software development and cloud engineering methodologies.
• Experience presenting to executive leadership and driving cross-functional alignment.
• CISSP, CISM, CRISC, SABSA, or equivalent industry certifications preferred.

Responsibilities

• Partner with enterprise security teams to shape and influence security policies, standards, implementation approaches, and business-aligned security priorities.
• Manage segment security posture in alignment with the security ambassador scorecard and supplement enterprise scorecard reporting with segment-level controls.
• Ensure strong understanding of enterprise security requirements and identify gaps, inconsistencies, and implementation challenges across business units.
• Translate enterprise security objectives into practical, actionable plans for North America P&C.
• Provide leadership visibility into security posture, risks, remediation progress, and operational challenges.
• Facilitate alignment between enterprise security, business leadership, and technology teams to improve consistency, execution, and accountability.
• Develop a deep understanding of the technology landscape across federated business units, including applications, infrastructure, platforms, integrations, and operational processes.
• Partner with business and technology leaders to define security roadmaps aligned to business priorities and operational realities.
• Drive adoption of secure-by-design principles and proactive security practices across new initiatives, technology changes, and transformation efforts.
• Promote early security engagement during planning, architecture, engineering, and delivery phases.
• Help business units prioritize and accelerate remediation of critical vulnerabilities and control gaps.
• Collaborate with architecture teams to recommend security-focused architectural improvements and strategic technology direction.
• Identify systemic blockers impacting security outcomes and recommend practical solutions to improve execution velocity.
• Partner with the PMO and leadership teams to influence funding, prioritization, and sequencing decisions related to security initiatives.
• Advocate for investments that improve resilience, reduce operational risk, and strengthen long-term security maturity.
• Support enterprise and business-led transformation initiatives to ensure security considerations are embedded appropriately.
• Design and implement a remediation-focused Center of Excellence supporting the broad technology landscape of North America P&C.
• Build scalable processes, standards, and engineering practices that improve remediation consistency and effectiveness.
• Provide advisory and hands-on support to business units on architecture, engineering, vulnerability remediation, and secure implementation practices.
• Establish repeatable approaches to accelerate remediation timelines and improve risk reduction outcomes.
• Drive collaboration between infrastructure, engineering, application, cloud, and security teams to improve execution and accountability.
• Develop meaningful metrics, reporting, and dashboards that provide transparency into security posture, remediation progress, operational risks, and business impact.
• Monitor emerging risks, technology changes, and operational trends that may impact the organization’s security posture.
• Promote measurable outcomes and data-driven decision-making across security and technology initiatives.
• Support cyber resilience, recovery preparedness, and operational continuity initiatives across the organization.

Benefits

• Competitive salary and comprehensive benefit package.
• Strong learning culture with ongoing development opportunities.
• Opportunities for growth and career advancement.
• Comprehensive medical, vision, and dental coverage, with eligibility beginning on your first day of employment.
• Basic life and disability insurance.
• 401(k) plan with 6% company match.
• 20 days of PTO, two floating holidays, approximately 11 paid holidays, and volunteer time off.
• Paid parental leave.
• Access to our award-winning wellness program, including mental health services, fitness network membership, and a complimentary Headspace subscription.
• Student loan matching program.
• Employee discount program.