Chief Information Security Officer (CISO)

Milliman-posted about 1 month ago
Full-time • Executive
Remote • Seattle, WA
1,001-5,000 employees
Professional, Scientific, and Technical Services
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The Chief Information Security Officer (CISO) is a senior-level executive responsible for developing, implementing, and overseeing Milliman's global information security program. As a member of Global Corporate Services (GCS) reporting directly to the Chief Information Officer (CIO) and working closely with the CEO, Board of Directors, and Equity Principals, the CISO ensures the confidentiality, integrity, and availability of Milliman's information assets, technology infrastructure, and data across all practices and geographies. This role provides strategic leadership, vision, and governance for all aspects of information security, aligning security initiatives with business objectives and regulatory requirements.

  • Drive the information security function across Milliman, ensuring alignment with organizational goals.
  • Establish and implement a global information security vision and strategy by collaborating with the Board, senior leaders, and Equity Principals.
  • Design and deliver the security roadmap, including staffing and budget plans, and manage the approved corporate information security budget.
  • Serve as an expert advisor to the Board and senior leadership on IT security matters.
  • Facilitate organization-wide security enhancements that integrate business objectives with IT infrastructure, physical infrastructure, and human resources.
  • Act as the primary change agent facilitating information security improvements in security culture, business relationships, and product/service design.
  • Chair the Security Technology Steering Group (STSG).
  • Collaborate with senior leadership on IT-related risk management to identify, assess, and address risks.
  • Oversee the development, implementation, and maintenance of global information security policies, standards, guidelines, and procedures.
  • Ensure compliance with relevant laws, regulations, and industry frameworks (e.g., ISO 27001, HIPAA, HITRUST, SOC 2).
  • Partner with the Legal Department to maintain a collaborative approach to information security and privacy.
  • Manage third-party/vendor security risk programs and ensure alignment with corporate policies.
  • Serve as a voting member of the Enterprise Risk Management Committee and Technology Operations Committee and act as a key advisor to senior leadership on IT security matters.
  • Oversee emergency procedures and incident response protocols, serving as the control point during significant security incidents.
  • Direct teams to detect, report, contain, and mitigate incidents impacting data and infrastructure security.
  • Oversee periodic security reviews of all business units and present findings to the Enterprise Risk Committee and Board.
  • Partner with the Legal team in response to privacy incidents and significant events.
  • Collaborate with IT teams to develop, evaluate, and improve network disaster recovery plans.
  • Maintain relationships with law enforcement and relevant government agencies in support of the information security program.
  • Develop and implement enterprise-wide security awareness training.
  • Build and report on metrics and KPIs to measure program effectiveness.
  • Recommend security enhancements and purchases consistent with evolving threats and strategic objectives.
  • Stay current on technological advances and identify opportunities for adoption within Milliman.
  • Provide coordination, communication, and dissemination of best practices across the organization.
  • Support Equity Principals and their practices in security-related matters consistent with GCS service expectations.
  • Bachelor's degree in Computer Science, Computer Engineering, Information Systems, or related discipline.
  • The ideal candidate must possess certification (s): Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
  • The ideal candidate must have 10+ years in management of business or technology organizations, with demonstrated competency in strategic thinking, leadership, and relationship management, and enterprise-level responsibility.
  • The ideal candidate must have 7+ years of direct management experience overseeing security teams and budgets.
  • The ideal candidate must have previous experience with regulatory compliance frameworks such as ISO 27001/2, HIPAA, HITRUST, and SOC 2.
  • The ideal candidate must have previous experience with cloud security control design and management experience.
  • The ideal candidate must have thorough knowledge of finance, budgeting, project management, and systems development lifecycle.
  • The ideal candidate must have knowledge of security domains such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, and web services.
  • Must have demonstrated leadership in multi-discipline, high-performance teams, including supervision and professional development of technical staff.
  • Must have proven ability to work with geographically diverse offices in a global organization.
  • Must have excellent verbal and written communication skills, including the ability to prepare documentation, policies, and build consensus across broad groups.
  • Must have the ability to deal effectively with concrete, tangible issues as well as abstract, conceptual matters.
  • Must demonstrated thought leadership in information security and creating innovative, scalable business solutions with the ability to lead and motivate cross-functional, interdisciplinary teams.
  • Must have strong time management skills, ability to handle multiple projects concurrently, and the capacity to be flexible and nimble as business needs change and evolve.
  • Advanced degree (master's or PhD) in Information Security, Computer Science, or related field.
  • Experience within consulting or professional services organizations.
  • Familiarity with enterprise-level cloud technologies, defect tracking tools, agile management tools, and Microsoft Suite.
  • Additional certifications (e.g., GIAC, CCSP, CRISC, PMP).
  • Medical, Dental and Vision - Coverage for employees, dependents, and domestic
  • Employee Assistance Program (EAP) - Confidential support for personal and work-related
  • 401(k) Plan - Includes a company matching program and profit-sharing
  • Discretionary Bonus Program - Recognizing employee
  • Flexible Spending Accounts (FSA) - Pre-tax savings for dependent care, transportation, and eligible medical expenses.
  • Paid Time Off (PTO) - Begins accruing on the first day of Full-time employees accrue 15 days per year, and employees working less than full-time accrue PTO on a prorated basis.
  • Holidays - A minimum of 10 paid holidays per
  • Family Building Benefits - Includes adoption and fertility
  • Paid Parental Leave - Up to 12 weeks of paid leave for employees who meet eligibility
  • Life Insurance & AD&D - 100% of premiums covered by
  • Short-Term and Long-Term Disability - Fully paid by
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Chief Information Officer Resume Examples
Chief Information Officer Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service