Chief Information Security Officer (CISO)

About The Position

Requirements

• Bachelor’s degree in Computer Science, Computer Engineering, Information Systems, or related discipline.
• The ideal candidate must possess certification (s): Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
• The ideal candidate must have 10+ years in management of business or technology organizations, with demonstrated competency in strategic thinking, leadership, and relationship management, and enterprise-level responsibility.
• The ideal candidate must have 7+ years of direct management experience overseeing security teams and budgets.
• The ideal candidate must have previous experience with regulatory compliance frameworks such as ISO 27001/2, HIPAA, HITRUST, and SOC 2.
• The ideal candidate must have previous experience with cloud security control design and management experience.
• The ideal candidate must have thorough knowledge of finance, budgeting, project management, and systems development lifecycle.
• The ideal candidate must have knowledge of security domains such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, and web services.
• Must have demonstrated leadership in multi-discipline, high-performance teams, including supervision and professional development of technical staff.
• Must have proven ability to work with geographically diverse offices in a global organization.
• Must have excellent verbal and written communication skills, including the ability to prepare documentation, policies, and build consensus across broad groups.
• Must have the ability to deal effectively with concrete, tangible issues as well as abstract, conceptual matters.
• Must demonstrated thought leadership in information security and creating innovative, scalable business solutions with the ability to lead and motivate cross-functional, interdisciplinary teams.
• Must have strong time management skills, ability to handle multiple projects concurrently, and the capacity to be flexible and nimble as business needs change and evolve.

Nice To Haves

• Advanced degree (master’s or PhD) in Information Security, Computer Science, or related field.
• Experience within consulting or professional services organizations.
• Familiarity with enterprise-level cloud technologies, defect tracking tools, agile management tools, and Microsoft Suite.
• Additional certifications (e.g., GIAC, CCSP, CRISC, PMP).

Responsibilities

• Strategic Leadership & Governance Drive the information security function across Milliman, ensuring alignment with organizational goals.
• Establish and implement a global information security vision and strategy by collaborating with the Board, senior leaders, and Equity Principals.
• Design and deliver the security roadmap, including staffing and budget plans, and manage the approved corporate information security budget.
• Serve as an expert advisor to the Board and senior leadership on IT security matters.
• Facilitate organization-wide security enhancements that integrate business objectives with IT infrastructure, physical infrastructure, and human resources.
• Act as the primary change agent facilitating information security improvements in security culture, business relationships, and product/service design.
• Chair the Security Technology Steering Group (STSG).
• Risk Management & Compliance Collaborate with senior leadership on IT-related risk management to identify, assess, and address risks.
• Oversee the development, implementation, and maintenance of global information security policies, standards, guidelines, and procedures.
• Ensure compliance with relevant laws, regulations, and industry frameworks (e.g., ISO 27001, HIPAA, HITRUST, SOC 2).
• Partner with the Legal Department to maintain a collaborative approach to information security and privacy.
• Manage third-party/vendor security risk programs and ensure alignment with corporate policies.
• Serve as a voting member of the Enterprise Risk Management Committee and Technology Operations Committee and act as a key advisor to senior leadership on IT security matters.
• Incident Response & Operational Oversight Oversee emergency procedures and incident response protocols, serving as the control point during significant security incidents.
• Direct teams to detect, report, contain, and mitigate incidents impacting data and infrastructure security.
• Oversee periodic security reviews of all business units and present findings to the Enterprise Risk Committee and Board.
• Partner with the Legal team in response to privacy incidents and significant events.
• Collaborate with IT teams to develop, evaluate, and improve network disaster recovery plans.
• Maintain relationships with law enforcement and relevant government agencies in support of the information security program.
• Program Development & Stakeholder Engagement Develop and implement enterprise-wide security awareness training.
• Build and report on metrics and KPIs to measure program effectiveness.
• Recommend security enhancements and purchases consistent with evolving threats and strategic objectives.
• Stay current on technological advances and identify opportunities for adoption within Milliman.
• Provide coordination, communication, and dissemination of best practices across the organization.
• Support Equity Principals and their practices in security-related matters consistent with GCS service expectations.

Benefits

• Medical, Dental and Vision – Coverage for employees, dependents, and domestic partners.
• Employee Assistance Program (EAP) – Confidential support for personal and work-related challenges
• 401(k) Plan – Includes a company matching program and profit-sharing contributions
• Discretionary Bonus Program – Recognizing employee contributions
• Flexible Spending Accounts (FSA) – Pre-tax savings for dependent care, transportation, and eligible medical expenses
• Paid Time Off (PTO) – Begins accruing on the first day of work. Full-time employees accrue 15 days per year, and employees working less than full-time accrue PTO on a prorated basis
• Holidays – A minimum of 10 paid holidays per year
• Family Building Benefits – Includes adoption and fertility assistance
• Paid Parental Leave – Up to 12 weeks of paid leave for employees who meet eligibility criteria
• Life Insurance & AD&D – 100% of premiums covered by Milliman
• Short-Term and Long-Term Disability – Fully paid by Milliman