VP, IT Security & Risk Management (Hybrid)

Selective is seeking a VP of Information Security responsible for leading the information security, risk management, crisis planning, and crisis response functions within the Information Technology department. In the role, you will develop and execute short-term plans and longer-range strategies to mitigate cyber risk by leveraging program maturity assessments, operational reporting, and industry trends. You will also work across teams to ensure alignment with best practices and deliver security enhancement projects. You will lead teams and projects that are complex in nature and/or of strategic importance to the Selective organization, and will have a moderate number of direct reports consisting of senior managers, managers, architects, engineers, and analysts. This is a unique opportunity to lead and develop a motivated team of security professionals and contribute to the strategic direction of the Information Technology Services (ITS) Department within a growing company.

• Leads the day-to-day activities of our information security, cyber risk management, and incident response team. Responsible for the daily activities, priorities, and coordination of work across management, technical staff, and consultants.
• Evaluates the enterprise-wide information security program, identifies gaps, executes short-term corrective plans, develops long-range strategies, and reports on program health to internal and external stakeholders, ensuring alignment with overall business plans.
• Leads planning and response to disaster recovery events and security incidents. Identifies, manages, and communicates security incidents to key stakeholders. Maintains up to date business impact analyses and business crisis plans.
• Responsible and accountable for establishing, updating, and delivering a security awareness and training programs across the enterprise.
• Develops, maintains, and enforces information security policies and procedures in alignment with stated risk appetite, changes in threats, and overall compliance goals.
• Oversees all security audits and tasks. Participates in the technical aspects of all IT related audits and supports internally and externally managed audit activities.
• Collaborates with key business and IT leaders to assess, document, and act on information security risks, in alignment with stated risk appetite. Reports to stakeholders on monitored risks as appropriate.
• Responsible and accountable for the hiring, development, and performance management of staff within the security organization.
• Responsible and accountable for the planning, administration, and performance of the information security and risk management budget.

Knowledge and Requirements

• 10+ years IT experience with at least 7 in the information security and/or information risk management space.
• 5+ years leadership experience that includes development and management of managers or directors.
• Bachelors or greater degree in related discipline preferred.
• Security specific certifications (CISSP, GIAC, CISM, etc.) strongly preferred.
• Excellent communication skills with experience interacting and presenting to staff and leaders across technology and business areas, including executive leadership.
• Experience planning and controlling projects that deliver advance security program maturity.
• Must have expert level knowledge of current IT security techniques, industry trends, suppliers, and technology.
• Knowledge of risk management & cyber-security frameworks including NIST-CSF, NIST-800, ISO-27000, BASEL II, EU DPD, PCI D, HIPAA, SOX.