Chief Information Security Officer

About the job Slide Insurance - Fun. Innovation Driven. Fueled by Passion, Purpose and Technology. At Slide, you will not only be part of a successful team, but you will also be a part of our Slide Vibe/award winning culture where collaboration and innovation are expected, recognized and awarded! Duties and Responsibilities Security Strategy & Governance Develop and maintain the enterprise security roadmap aligned with business strategy, insurance-specific risks, and regulatory obligations. Responsible for the cybersecurity program and establish policies, standards, and procedures for cybersecurity, data protection, access control, and technology governance. Prepare executive-level reporting on security posture, key risks, and program maturity for CIO, Executive Leadership, and Audit/Risk Committees. Lead or support compliance with NIST CSF, ISO 27001, NAIC Model Law, state DOI cyber requirements (e.g., NY DFS, FL OIR etc.), SOX, GLBA, PCI, and privacy regulations. Cybersecurity Program Management Oversee the Security Operations Center (internal and/or external), including threat monitoring, incident detection, and incident response. Lead development of modern security architecture including zero‑trust principles, cloud security, identity governance, and endpoint security. Mature vulnerability management, penetration testing, and security hardening activities across the organization. Direct development and testing of incident response plans, tabletop exercises, and post‑incident analysis. Manage investigation of security alerts, vulnerabilities, and suspicious activities. Regulatory Compliance & Public Company Requirements Ensure compliance with NAIC cybersecurity model law, NIST CSF, ISO 27001, state DOI regulations, PCI, GLBA, and privacy requirements. Oversee preparation of cybersecurity‑related SEC disclosures, including incident reporting and governance statements. Partner with internal departments to maintain required documentation and audit readiness. Lead third‑party risk programs covering vendors, agents, service providers, and cloud platforms. Business Partnership & Insurance‑Specific Risk Management Partner with Underwriting, Claims, Product, and Sales to ensure secure design of systems and workflows. Work with actuarial and underwriting teams on cybersecurity posture assessments relevant to cyber insurance offerings. Ensure contact center, agent portals, field adjuster tools, and policyholder self‑service platforms meet security standards. Balance strong controls with operational efficiency in a high‑volume insurance environment. Drive remediation efforts in partnership with infrastructure, networking, DevOps, and application teams. Lead business continuity and disaster recovery planning for critical systems. Third‑Party Risk Management Lead cybersecurity assessments for vendors, agent platforms, cloud service providers, and third‑party partners. Ensure contracts meet required security and privacy standards. Data Protection & Privacy Oversee data protection strategy, including encryption, access management, retention standards, and sensitive data governance. Implement and enforce data protection standards including encryption, retention, and secure data handling for policyholder and agent data. Monitor for data‑loss risks and manage DLP tools and processes. Cloud & Application Security Partner with engineering and DevOps teams to implement secure cloud (AWS/Azure) architecture practices. Ensure security controls are embedded in system development, integrations, and modernization efforts. Support secure design reviews for new applications, claims tools, underwriting systems, and customer portals. Team Leadership & Capability Building Provide leadership to employees and regularly conduct effective and timely structured progress and growth dialogues. Coach, train, and develop employees; set goals and lead to success. Conduct employee interviews and make staffing recommendations, as needed. Manage relationships with key technology and security vendors, including MDR/MSSP partners. Build a culture of security awareness across the enterprise, including training, phishing simulations, and workforce engagement. Perform other duties, as assigned. Qualifications: Education, Experience and Licensing Requirements Minimum 8 years’ progressive experience in cybersecurity or information security. 3+ years leading InfoSec or cyber teams, ideally within regulated industries (financial services, insurance, fintech, banking). Experience with cloud security (AWS, Azure), identity access management, and security architecture. Experience with public‑company cybersecurity governance and regulatory reporting required. Prior experience in P&C insurance, financial services, or other regulated risk‑based businesses highly preferred. Desired Certifications: CISSP, CISM, CISA, CCSP, CRISC. Qualifications/Skills and Competencies Deep knowledge of cybersecurity frameworks (NIST CSF, ISO 27001, CIS Controls). Strong understanding of NIST CSF, CIS Controls, ISO 27001, and NAIC Model Law. Hands‑on experience with SIEM, firewalls, endpoint protection, IAM, cloud security, and vulnerability tools. Proven ability to lead security programs in mid‑sized organizations. Excellent communication skills with technical and non‑technical stakeholders. Demonstrated ability to brief executives. Exceptional time management skills with ability to prioritize tasks and allocate resources efficiently. Proven ability to be adaptable and flexible; able to adjust to new requirements or unforeseen issues. Expert user of MSO/365 applications such as Microsoft Teams, SharePoint, Word, Excel, PowerPoint, and Outlook. Desire to live Slide’s Core Values. Compensation: Benefits Slide offers a comprehensive and affordable benefits package to cover all aspects of health, physical, emotional, financial, social and professional needs. A Lifestyle Spending Account is set up for each Slider and Slide contributes to it monthly for use on any benefit that individually suits you – Health Your Way! We know how to fine‑tune corporate security because we've led effective and efficient Fortune 500‑level security programs. #J-18808-Ljbffr