Director Information Security

Are you looking to make an impactful difference in your work, yourself, and your community? Why settle for just a job when you can land a career? At ICW Group, we are hiring team members who are ready to use their skills, curiosity, and drive to be part of our  journey as we strive to transform the insurance  carrier space. We're proud to be in business for over 50 years, and its change agents like yourself that will help us continue to deliver our mission to create the best insurance experience possible.

Headquartered in San Diego with regional offices located throughout the United States, ICW Group has been named for seven consecutive years as a Top 50 performing P&C organization offering the stability of a large, profitable and growing company combined with a focus on all things people. It's our team members who make us an employer of choice and the vibrant company we are today. We strive to make both our  internal and external communities better everyday!

PURPOSE OF THE JOB

The purpose of this job is to develop, implement, and drive compliance of both technical security and technical risk management across the enterprise to ensure information assets and technologies are protected. This role provides leadership, operational oversight, and team management to ensure information security and deliver value across IT in support of strategic business goals.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Manages risks related to information security, disaster recovery, business continuity planning, privacy, and compliance.

• Develops, implements, and monitors a strategic, comprehensive enterprise information security and IT risk management program.

• Participates in a committee that brings together key security and risk stakeholders to provide overview and status of the Security Program, develops and reviews enterprise security and risk strategies.

• Develops and enhances an information security management and IT risk framework.

• Coordinates with technology and business groups to assess, remediate, and monitor IT-related security risks.

• Understands the trade-offs required to manage the different levels of information security risk tolerance and risk exposure across the organization and balance this with risk investments.

• Reports security performance against established security metrics and service level agreements.

• Evaluates documented resolutions and analyzes trends for ways to prevent future problems.

• Develops, disseminates, and enforces policies, standards and procedures.

• Evaluates documented resolutions and analyzes trends for ways to prevent future problems.

• Manages 3rd party Security vendor relationships and vendor platforms.

Ensures all staff members are trained on enterprise and industry-regulated security requirements through awareness programs.  

• Creates, executes and maintains an information security awareness and training program for all team members, contractors and approved system users.

• Monitors regulatory compliance with enterprise security policies and educates business unit leaders on compliance efforts.

• Leads security training and communicates policies.

• Ensures all staff members receive orientation and appropriate training in accordance with organizational standards.

• Liaises with other managers to ensure the effective and efficient delivery of services among various activities to increase effectiveness and efficiency. 

• Communicates with clients and other stakeholders to gain community support for projects and solicits input to improve the team.

Develops and leads a team of Information Technology professionals.

• Provides daily direction to IT team.  Communicates Mission, Values and other organization operating principles to direct and indirect reports.

• Establishes and maintains the overall work cadence and, in partnership with IT Leadership, ensures performance and outcomes strive for excellence in delivery and customer experience.  Ensures that the entire assigned IT team is engaged and that leadership practices for the department encourage development, recognition and retention.

• Executes the human resources policies, procedures, and practices of the organization. Ensures that personnel files are properly maintained and kept confidential.

• Establishes and holds team accountable to and adheres to hiring criteria, on-boarding and training requirements for incoming staff.

• Oversees the performance management and development process for the assigned IT team members and performs performance management duties, development planning and coaching for direct reports. 

• Acts as a resource for assigned IT team members to answer questions and solve complex problems.

• Manages assigned IT budget, technology and other resources, workload and customer requests for IT services.  Ensures adherence to all Company policies and procedures and Compliance responsibilities

• Ensures data quality, adherence to IT security guidelines, profitability and other risk-related metrics for self and members of the team.

SUPERVISORY RESPONSIBILITIES

Directly supervises information Security managers and project managers/scrum masters and other IT team members and carries out supervisory responsibilities in accordance with company policies and applicable laws. These responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; conducting performance and salary reviews; rewarding and disciplining employees; addressing complaints and resolving problems; coaching, mentoring, and developing team members to further their skills and knowledge; creating and monitoring development plans; setting performance expectations/goals; forecasting staffing needs and planning for peak times and absences; enforcing department policies and procedures.

EDUCATION AND EXPERIENCE

• Bachelor of Science degree required in Business, Computer Science, Applied Mathematics, Engineering, or related field.

• Minimum 10 years of general IT-related job experience; or equivalent combination of education and experience.

•  Minimum 5 years managing and leading related IT and information security team.

• Experience in cyber security with working knowledge of data analysis, risk assessment and mitigation, investigation methods, incident management concepts and practices, with background in intrusion detection and forensic analysis. 

CERTIFICATES, LICENSES, REGISTRATIONS

Preferred professional certifications: CISSP, CISM, CISA, CCISO,

KNOWLEDGE AND SKILLS

• In-depth knowledge of information security frameworks (e.g., ISO/IEC 27001, NIST).

• Strong understanding of regulatory requirements and compliance issues related to information security in Financial Services.

• Possess technical ability to use and manage Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, SIEM, Network Behavior Analysis tools, Antivirus, Network Packet Analyzers, Malware analysis and forensics tools. 

• Knowledgeable in networking and proven experience in Windows and Linux environments, including Group Policy and Active Directory.

• Demonstrable track record for taking initiative and getting things done under minimal supervision.

• Knowledge of national regulatory compliances and frameworks such as ISO, SOX, HIPAA, and PCI.

• Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and encryption protocols. 

• Strong analytic and problem-solving skills. 

• Ability to communicate complex quantitative analysis in a clear, precise and actionable manner. 

• Expert in policy formulation, information security management, and business risk management.  

• Strong IT risk assessment and management, IT continuity management, IT governance formulation, and organizational change management skills. 

• Working knowledge of IT financial management and IT audit.

WORK ENVIRONMENT

This position operates in an office environment and requires the frequent use of a computer, telephone, copier, and other standard office equipment.

We are currently not offering employment sponsorship for this opportunity.

#LI-RK1

#LI-HYBRID

The current range for this position is

$160,745.90 - $287,738.43

This range is exclusive of fringe benefits and potential bonuses.  If hired at ICW Group, your final base salary compensation will be determined by factors unique to each candidate, including experience, education and the location of the role and considers employees performing substantially similar work.

WHY JOIN ICW GROUP?
•    Challenging work and the ability to make a difference
•    You will have a voice and feel a sense of belonging
•    We offer a competitive benefits package, with generous medical, dental, and vision plans as well as 401K retirement plans and company match
•    Bonus potential for all positions
•    Paid Time Off with an accrual rate of 5.23 hours per pay period (equal to 17 days per year)
•    11 paid holidays throughout the calendar year
•    Want to continue learning? We’ll support you 100%

ICW Group is committed to creating a diverse environment and is proud to be an Equal Opportunity Employer. ICW Group will not discriminate against an applicant or employee on the basis of race, color, religion, national origin, ancestry, sex/gender, age, physical or mental disability, military or veteran status, genetic information, sexual orientation, gender identity, gender expression, marital status, or any other characteristic protected by applicable federal, state or local law.

___________________

Job Category

IT