Business Information Security Officer

About The Position

Requirements

• BA/BS in business, security, or technology.
• 8–10+ years of experience in information security, cybersecurity, risk management, governance, physical security, or regulatory compliance, with a focus on business-aligned service delivery.
• Experience working with cross-functional teams.
• Working knowledge of ISO27001, NIST, Cyber Essentials and other security standards
• Deep experience of security architecture and the tooling required to instantiate.
• Experience running a SOC and working cyber incidents.
• Experience leading teams responsible for security across mid-to-large organizations (55+ people).
• Strong understanding of organizational environments and their connection to external business drivers.
• Ability to understand business operations, evaluate risk in context, and connect business initiatives to value and risk.

Nice To Haves

• CISSP, CISM, or equivalent certifications (preferred)
• Knowledge of Property & Casualty insurance is a plus.

Responsibilities

• Support the implementation, maintenance, and continuous improvement of information and physical security programs in alignment with corporate policies, standards, and frameworks.
• Contribute as a key member in shaping both the Brown & Brown security roadmap and divisional technology roadmap.
• Serve as a subject matter expert for information and physical security, supporting strategy development and execution.
• Provide guidance on prioritizing divisional investments that impact security.
• Allocate security resources (architecture, engineering, operations, risk management) to meet divisional needs.
• Support merger and acquisition activities, including pre-deal due diligence and post-deal 90-day security integration.
• Advise divisional leaders on security-related risk and assist in meeting broader risk management and compliance objectives.
• Monitor emerging security trends and assess potential impacts to divisions or profit centers.
• Ensure risk remediation processes are followed, issues are mitigated, and exceptions are tracked according to organizational standards
• Manage IT certification and accreditation processes in collaboration with auditors and certification bodies.
• Oversee regulatory compliance for data privacy and protection across the division.
• Align divisional funding requirements with strategic security initiatives.
• Participate in relevant security and business councils or working groups.
• Educate stakeholders to strengthen awareness and security culture.
• Understand business objectives and translate risk discussions into business-focused terms.
• Drive security risk assessments across the division.
• Engage business partners constructively on security issues.
• Establish clear risk ownership and accountability.
• Ensure compliance with security policies, regulations, and tools.
• Perform other duties as assigned.

Benefits

• Health Benefits: Medical/Rx, Dental, Vision, Life Insurance, Disability Insurance
• Financial Benefits: ESPP; 401k; Student Loan Assistance; Tuition Reimbursement
• Mental Health & Wellness: Free Mental Health & Enhanced Advocacy Services
• Beyond Benefits: Paid Time Off, Holidays, Preferred Partner Discounts and more.