We're now at the boldest phase of our Next Horizon journey
At Gore Mutual, we've completely transformed our business in under three years. By investing in top talent and leading technology, we've redefined what it means to be a modern mutual that does good.
Our path forward brings a sharper focus on our business' performance that's powered by innovation and an agile, high-performing culture – we're built for success.
We're well on our way to becoming a purpose-driven, digitally led national insurer. Come join us.
The Director, Enterprise Security and Technical Risk will be responsible for providing challenge and oversight on Gore Mutual's cyber security program including Security Transformation, Security Operations, and Security Architecture teams. In partnership with the Chief Information Security Officer (CISO), the Director will be responsible for executing against the roadmap and strategy defined by the CISO, aligning with the overall security strategy and the defined risk appetite. The CISO owns the strategy and roadmap, while the Director executes these plans under the CISO's leadership.
As a Director, Enterprise Security and Technical Risk the incumbent will support Enterprise Risk Management leadership within Gore Mutual in delivering various oversight and challenge processes including: tracking and reporting on status and quality of key Cyber Security Risk programs; developing and utilizing effective risk appetite metrics that provide insights into current risk level; identifying issues with policy compliance through analysis and testing of controls; monitoring and assessing cyber incidents; and performing thematic reviews to investigate issues and providing value add recommendations.
What will you do?
Provide the vision and Leadership for developing, implementing and monitoring a strategic, comprehensive Security Program aligned to Gore Mutual's overall Strategic Vision
* Develop and implement a sustainable, strategic, long-term information and cyber security roadmap.
* Develop and manage a framework for evaluating the maturity of our Cybersecurity program.
* Own and manage all security metrics and operations, ensuring the understanding of what's in and out of tolerance. Report on these metrics by presenting dashboards and managing the relationship with Gore Mutual's managed service provider. Ensure comprehension of the various signals being received and interpreted.
Partner with business stakeholders across the company to raise awareness of Cybersecurity and risk management concerns
* Work with the broader Information Technology team and business management to align priorities and plans with key business objectives.
* Communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
* Work with senior leaders across the business to determine acceptable levels of risk and ensure the security program follows applicable laws, regulations, contractual requirements, and policies to minimize or eliminate risk and address audit findings.
* Review and recommend improvement to our business continuity plans to increase resilience aimed to ensure business operations continue to perform through a disruptive event.
* Own closing the gap between Gore Mutual's risk appetite and maturity goals by driving necessary changes and projects. This includes understanding the budget and investment needed to effectively execute security improvements.
Spearhead Cybersecurity Policy and Business Process Development
* Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure information security and compliance with relevant regulatory and legal policies.
* Lead the development and implementation of information technology and information management security policies, standards and procedures following best practices.
* Ensure the enforcement of IT security policies across the organization.
* Collaborate with both the security and IT teams, ensuring any changes follow IT governance and process.
Develop Metrics and Measures to assist in the Enforcement Process
* Establish annual and long-range security and compliance goals, define Cyber Security strategies, metrics, reporting mechanisms and program services.
* Leverage data driven insight and provide opinions and challenge on key risk indicators.
* In partnership with the CISO, ensure the execution of the cyber security strategy and roadmap, aligning with Gore Mutual's defined risk appetite. The CISO defines the overall strategy, while the Director is responsible for executing initiatives within this framework.
Develop and monitor the department's annual operating and capital budgets, ensuring financial targets are met.
* Assist the CISO with business planning, intake, onboarding; assessment, solutioning and estimation related tasks and deliverables.
* Manage vendors and consultants to ensure delivery of services as per contracts.
* Plan, develop and implement digital modernization and IT transformation initiatives. Assess and communicate risks associated with CTS investments.
* Negotiate service level agreements with internal and external customers and service providers.
* Own the financial management and planning required to execute security projects that close the gap between current practices and Gore Mutual's security maturity goals. Ensure investments are aligned with the roadmap and security strategy.
What will you need to succeed?
* Bachelor's in information technology and/or related field of study in Security.
* 15+ Years of experience in a Leadership role in Information Security building a cybersecurity program.
* 10+ Years of experience in Information Technology.
* 5+ Years of experience in People Leadership.
* CISSP Certification is a must have.
* Ability to present ideas to senior leadership and peers to create alignment.
* Excellent attention to detail and organizational skills to support internal and external teams.
* Confidence to make independent decisions.
#J-18808-Ljbffr