Individual contributor providing the highest level of leadership in directing, evaluating, developing, implementing, communicating, operating, monitoring and maintaining information security technologies, security policies and procedures.  Provides state-of-the-art technical expertise and support in identifying risks and recommending appropriate mitigation and effective risk management processes across all aspects of information technology projects.

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines:

1. Provides technical expertise and support to clients, IT management and staff in risk assessments and the implementation and operation of appropriate information security procedures and products.

2. Designs, evaluates, tests and implements appropriate security methods and control techniques such as firewalls, intrusion detection software, data encryption, data backup and recovery.

3. Understand cloud security solutions and review incoming cloud projects to provide guidance and support to technical cloud teams.

4. Provide guidance on cloud security standards \ policies and advise on enabling cloud native controls to meet highest cyber security standards.

5. Maintains an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations pertaining to information security and data privacy.

6. Identifies regulatory changes that will affect information security policy, standards and procedures and recommends appropriate changes.

7. Acts as an expert technical resource to client and development management and staff in all phases of the development and implementation process.

8. Develops and implements security standards, procedures and guidelines for multiple platforms and diverse systems environments (e.g., firm-wide, distributed, client server systems, and e-applications).

9. Identifies emergent vulnerabilities and evaluates associated risks and threats.

10. Develops communications and related campaigns for information security awareness among all staff.

11. Reviews the development, testing and implementation of security plans, products and control techniques.

12. Assist in investigations as needed and recommends appropriate corrective actions for information security incidents.

May perform additional duties as assigned.

Reporting Relationship

Typically Director or above

Skills, Knowledge & Abilities

1. Excellent understanding of security policy construction and publication.   
2. Excellent knowledge of regulations (i.e., SOX, privacy, etc.) and internal controls as they apply to IT.   
3. Working knowledge of any of the common cloud platforms (AWS, Azure and GCP)
4. Ability to influence change in corporate understanding and adoption of information security concepts.   
5. Advanced analytical and problem solving skills.   
6. Excellent communications and interpersonal skills and the ability to work effectively with peers, IT management and staff, and internal/external business partners/clients.  
7. Ability to manage various technical projects to completion.   
8. Advanced computer skills including Microsoft Office suite and other business related software systems.  Other technologies will apply dependent on business area supported.  
9. Preferred insurance industry knowledge. 

Education & Experience

1. Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.   
2. Typically a minimum of eight years of technical experience in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination.