Chief Information Security Officer

About The Position

Requirements

• Minimum 8 years' progressive experience in cybersecurity or information security.
• 3+ years leading InfoSec or cyber teams, ideally within regulated industries (financial services, insurance, fintech, banking).
• Experience with cloud security (AWS, Azure), identity access management, and security architecture.
• Experience with public-company cybersecurity governance and regulatory reporting required.
• Deep knowledge of cybersecurity frameworks (NIST CSF, ISO 27001, CIS Controls).
• Strong understanding of NIST CSF, CIS Controls, ISO 27001, and NAIC Model Law.
• Hands-on experience with SIEM, firewalls, endpoint protection, IAM, cloud security, and vulnerability tools.
• Proven ability to lead security programs in mid-sized organizations.
• Excellent communication skills with technical and non-technical stakeholders.
• Demonstrated ability to brief executives.
• Exceptional time management skills with ability to prioritize tasks and allocate resources efficiently.
• Proven ability to be adaptable and flexible; able to adjust to new requirements or unforeseen issues.
• Expert user of MSO/365 applications such as Microsoft Teams, SharePoint, Word, Excel, PowerPoint, and Outlook.
• Desire to live Slide's Core Values.

Nice To Haves

• Prior experience in P&C insurance, financial services, or other regulated risk-based businesses highly preferred.
• Desired Certifications: CISSP, CISM, CISA, CCSP, CRISC.

Responsibilities

• Develop and maintain the enterprise security roadmap aligned with business strategy, insurance-specific risks, and regulatory obligations.
• Responsible for the cybersecurity program and establish policies, standards, and procedures for cybersecurity, data protection, access control, and technology governance.
• Prepare executive-level reporting on security posture, key risks, and program maturity for CIO, Executive Leadership, and Audit/Risk Committees.
• Lead or support compliance with NIST CSF, ISO 27001, NAIC Model Law, state DOI cyber requirements (e.g., NY DFS, FL OIR etc.), SOX, GLBA, PCI, and privacy regulations.
• Oversee the Security Operations Center (internal and/or external), including threat monitoring, incident detection, and incident response.
• Lead development of modern security architecture including zero-trust principles, cloud security, identity governance, and endpoint security.
• Mature vulnerability management, penetration testing, and security hardening activities across the organization.
• Direct development and testing of incident response plans, tabletop exercises, and post-incident analysis.
• Manage investigation of security alerts, vulnerabilities, and suspicious activities.
• Ensure compliance with NAIC cybersecurity model law, NIST CSF, ISO 27001, state DOI regulations, PCI, GLBA, and privacy requirements.
• Oversee preparation of cybersecurity-related SEC disclosures, including incident reporting and governance statements.
• Partner with internal departments to maintain required documentation and audit readiness.
• Lead third-party risk programs covering vendors, agents, service providers, and cloud platforms.
• Partner with Underwriting, Claims, Product, and Sales to ensure secure design of systems and workflows.
• Work with actuarial and underwriting teams on cybersecurity posture assessments relevant to cyber insurance offerings.
• Ensure contact center, agent portals, field adjuster tools, and policyholder self-service platforms meet security standards.
• Balance strong controls with operational efficiency in a high-volume insurance environment.
• Drive remediation efforts in partnership with infrastructure, networking, DevOps, and application teams.
• Lead business continuity and disaster recovery planning for critical systems.
• Lead cybersecurity assessments for vendors, agent platforms, cloud service providers, and third-party partners.
• Ensure contracts meet required security and privacy standards.
• Oversee data protection strategy, including encryption, access management, retention standards, and sensitive data governance.
• Implement and enforce data protection standards including encryption, retention, and secure data handling for policyholder and agent data.
• Monitor for data-loss risks and manage DLP tools and processes.
• Partner with engineering and DevOps teams to implement secure cloud (AWS/Azure) architecture practices.
• Ensure security controls are embedded in system development, integrations, and modernization efforts.
• Support secure design reviews for new applications, claims tools, underwriting systems, and customer portals.
• Provide leadership to employees and regularly conduct effective and timely structured Progress & Growth Structured Dialogue sessions.
• Coach, train, and develop employees; set goals and lead to success.
• Conduct employee interviews and make staffing recommendations, as needed.
• Manage relationships with key technology and security vendors, including MDR/MSSP partners.
• Build a culture of security awareness across the enterprise, including training, phishing simulations, and workforce engagement.
• Perform other duties, as assigned.

Benefits

• The Slide Vibe - An opportunity to be a part of a fun and innovation-driven culture fueled by Passion, Purpose and Technology! Slide offers many opportunities to collaborate and innovate across the company and departments, as well as get to know other Sliders. From coffee chats, to clubs, to social events - we plan it, so all Sliders feel included and Enjoy their Journey.
• Benefits - Created using Slider feedback, Slide offers a comprehensive and affordable benefits package to cover all aspects of health...Physical, Emotional, Financial, Social and Professional. A Lifestyle Spending Account is set up for each Slider and Slide contributes to it monthly for use on any benefit that individually suits you - Health Your Way!
• 2023, 2024 & 2025 BEST PLACE TO WORK - Tampa Bay Business Journal
• 2024 & 2025 TOP WORKPLACE - Tampa Bay Times (Local) &
• 2024 TOP WORKPLACE - USA Today (National)