Business Information Security Officer

Business Information Security Officer, North America P&C

Location: New York, NY; New Jersey; Boston, MA; or Philadelphia, PA Work Arrangement: Hybrid Reports To: Chief Business Technology Officer, North America P&C Employment Type: Full Time

Help us insure it

Tokio Marine HCC is a global industry-leading specialty insurance group, backed by the strength and stability of the Tokio Marine Group. Offering over 100 classes of specialty insurance, we empower clients to pursue opportunities confidently through our "Mind Over Risk" philosophy. More than an insurance company, we are an organization built on innovation, unity, and trust.

At our core, we are Always Advancing, driven by innovation and an entrepreneurial spirit that keeps us moving forward. Our people are Experts in Tomorrow, using curiosity and smart working to anticipate what's next. With a culture rooted in Reaching Out, we foster genuine collaboration and support, ensuring every individual has the opportunity to succeed and make a difference.

Role Overview

The Business Information Security Officer, North America P&C serves as the senior security leader and strategic partner to the North America P&C business and technology organizations. Reporting to the Chief Business Technology Officer, North America P&C, this role works across business units to improve transparency, accelerate security outcomes, and strengthen the organization's ability to operate securely and resiliently.

This leader will partner closely with TMHCC's CISO, enterprise security function, architecture, infrastructure, engineering, business leadership, and technology teams to align security strategy with business priorities while driving practical, measurable improvements across the technology landscape.

The role is responsible for helping business units adopt secure-by-design practices, proactively address vulnerabilities, improve remediation execution, and mature security governance and operational effectiveness. This position will also lead the development of a remediation-focused Center of Excellence that provides hands-on guidance, architectural support, and engineering expertise to accelerate risk reduction across a federated environment.

Key Responsibilities

Enterprise Security Partnership and Governance

• Partner with enterprise security teams to shape and influence security policies, standards, implementation approaches, and business-aligned security priorities.
• Manage segment security posture in alignment with the security ambassador scorecard and supplement enterprise scorecard reporting with segment-level controls.
• Ensure strong understanding of enterprise security requirements and identify gaps, inconsistencies, and implementation challenges across business units.
• Translate enterprise security objectives into practical, actionable plans for North America P&C.
• Provide leadership visibility into security posture, risks, remediation progress, and operational challenges.
• Facilitate alignment between enterprise security, business leadership, and technology teams to improve consistency, execution, and accountability.

Business Unit Security Strategy and Roadmap Development

• Develop a deep understanding of the technology landscape across federated business units, including applications, infrastructure, platforms, integrations, and operational processes.
• Partner with business and technology leaders to define security roadmaps aligned to business priorities and operational realities.
• Drive adoption of secure-by-design principles and proactive security practices across new initiatives, technology changes, and transformation efforts.
• Promote early security engagement during planning, architecture, engineering, and delivery phases.
• Help business units prioritize and accelerate remediation of critical vulnerabilities and control gaps.

Security Architecture and Investment Enablement

• Collaborate with architecture teams to recommend security-focused architectural improvements and strategic technology direction.
• Identify systemic blockers impacting security outcomes and recommend practical solutions to improve execution velocity.
• Partner with the PMO and leadership teams to influence funding, prioritization, and sequencing decisions related to security initiatives.
• Advocate for investments that improve resilience, reduce operational risk, and strengthen long-term security maturity.
• Support enterprise and business-led transformation initiatives to ensure security considerations are embedded appropriately.

Remediation Center of Excellence

• Design and implement a remediation-focused Center of Excellence supporting the broad technology landscape of North America P&C.
• Build scalable processes, standards, and engineering practices that improve remediation consistency and effectiveness.
• Provide advisory and hands-on support to business units on architecture, engineering, vulnerability remediation, and secure implementation practices.
• Establish repeatable approaches to accelerate remediation timelines and improve risk reduction outcomes.
• Drive collaboration between infrastructure, engineering, application, cloud, and security teams to improve execution and accountability.

Operational Transparency and Risk Reduction

• Develop meaningful metrics, reporting, and dashboards that provide transparency into security posture, remediation progress, operational risks, and business impact.
• Monitor emerging risks, technology changes, and operational trends that may impact the organization's security posture.
• Promote measurable outcomes and data-driven decision-making across security and technology initiatives.
• Support cyber resilience, recovery preparedness, and operational continuity initiatives across the organization.

What You Bring

• You have 10+ years of experience in information security, cybersecurity, technology risk, or enterprise technology leadership roles.
• You have experience working within complex, federated, or multi-business-unit organizations.
• You have demonstrated success partnering with senior technology and business leaders to drive security transformation, operational improvements, and risk reduction.
• You bring strong knowledge of enterprise security frameworks, vulnerability management, remediation practices, security architecture, and operational risk management.
• You are comfortable influencing enterprise governance, technology prioritization, and strategic investment decisions.
• You have familiarity with cloud technologies, infrastructure security, application security, identity and access management, and cyber resilience practices.

Preferred Experience

• Experience within insurance, financial services, or another highly regulated industry.
• Experience leading or building security engineering, remediation, or security operations functions.
• Experience working with PMO, enterprise architecture, and governance organizations.
• Familiarity with secure-by-design practices and modern software development and cloud engineering methodologies.
• Experience presenting to executive leadership and driving cross-functional alignment.

Education and Certifications

Required Education

• Bachelor's degree in Information Security, Computer Science, Information Technology, Engineering, or a related field required.

Preferred Certifications

• CISSP, CISM, CRISC, SABSA, or equivalent industry certifications preferred.

Leadership Competencies

• Strategic thinker with strong operational execution capability.
• Collaborative leader capable of influencing across business and technology functions.
• Strong communicator with excellent stakeholder management skills.
• Pragmatic and solutions-oriented, with the ability to balance security, operational, and business objectives.
• Data-driven mindset with the ability to translate complex risks into actionable priorities.
• Comfortable operating in fast-moving environments with competing priorities and organizational complexity.

What We Offer

• Competitive salary and comprehensive benefit package.
• Strong learning culture with ongoing development opportunities.
• Opportunities for growth and career advancement.
• Comprehensive medical, vision, and dental coverage, with eligibility beginning on your first day of employment.
• Basic life and disability insurance.
• 401(k) plan with 6% company match.
• 20 days of PTO, two floating holidays, approximately 11 paid holidays, and volunteer time off.
• Paid parental leave.
• Access to our award-winning wellness program, including mental health services, fitness network membership, and a complimentary Headspace subscription.
• Student loan matching program.
• Employee discount program.
• An opportunity to do meaningful work and love what you do.

Pay Transparency

The pay range for this position is $156,700 - $345,800, which includes geographic adjustments, where applicable. The pay range is the range TMHCC, in good faith, believes is the range of compensation for this role at the time of this posting.