VP, IT Security & Risk Management (Hybrid)

At Selective, we don't just insure uniquely, we employ uniqueness.

Our Business

Selective is a midsized domestic property and casualty insurance company with a history of strong, consistent financial performance for nearly 100 years.

Selective's unique position as both a leading insurance group and an employer of choice is recognized in a wide variety of awards and honors, including listing in Forbes Best Midsize Employers in 2024 and certification as a Great Place to Work in 2024 for the fifth consecutive year.

Working at Selective

At Selective, we don't just insure uniquely we employ uniqueness. Employees are empowered and encouraged to Be Uniquely You by being their true, unique selves and contributing their diverse talents, experiences, and perspectives to our shared success.

Together, we are a high-performing team working to serve our customers responsibly by helping to mitigate loss, keep them safe, and restore their lives and businesses after an insured loss occurs.

Employees receive comprehensive total rewards packages - including competitive compensation and performance awards, health benefits, and retirement savings - and professional development opportunities and flexible schedules to support their health, wealth, and well-being.

Join our team and help make a difference.

Summary

Selective is seeking a VP of Information Security responsible for leading the information security, risk management, crisis planning, and crisis response functions within the Information Technology department.

In the role, you will develop and execute short-term plans and longer-range strategies to mitigate cyber risk by leveraging program maturity assessments, operational reporting, and industry trends.

You will also work across teams to ensure alignment with best practices and deliver security enhancement projects. You will lead teams and projects that are complex in nature and / or of strategic importance to the Selective organization, and will have a moderate number of direct reports consisting of senior managers, managers, architects, engineers, and analysts.

This is a unique opportunity to lead and develop a motivated team of security professionals and contribute to the strategic direction of the Information Technology Services (ITS) Department within a growing company.

Responsibilities :

• Leads the day-to-day activities of our information security, cyber risk management, and incident response team. Responsible for the daily activities, priorities, and coordination of work across management, technical staff, and consultants.
• Evaluates the enterprise-wide information security program, identifies gaps, executes short-term corrective plans, develops long-range strategies, and reports on program health to internal and external stakeholders, ensuring alignment with overall business plans.
• Leads planning and response to disaster recovery events and security incidents. Identifies, manages, and communicates security incidents to key stakeholders.

Maintains up to date business impact analyses and business crisis plans.

• Responsible and accountable for establishing, updating, and delivering a security awareness and training programs across the enterprise.
• Develops, maintains, and enforces information security policies and procedures in alignment with stated risk appetite, changes in threats, and overall compliance goals.
• Oversees all security audits and tasks. Participates in the technical aspects of all IT related audits and supports internally and externally managed audit activities.
• Collaborates with key business and IT leaders to assess, document, and act on information security risks, in alignment with stated risk appetite.

Reports to stakeholders on monitored risks as appropriate.

• Responsible and accountable for the hiring, development, and performance management of staff within the security organization.
• Responsible and accountable for the planning, administration, and performance of the information security and risk management budget.

Qualifications :

• 10+ years IT experience with at least 7 in the information security and / or information risk management space.
• 5+ years leadership experience that includes development and management of managers or directors.
• Bachelors or greater degree in related discipline preferred.
• Security specific certifications (CISSP, GIAC, CISM, etc.) strongly preferred.
• Excellent communication skills with experience interacting and presenting to staff and leaders across technology and business areas, including executive leadership.
• Experience planning and controlling projects that deliver advance security program maturity.
• Must have expert level knowledge of current IT security techniques, industry trends, suppliers, and technology.
• Knowledge of risk management & cyber-security frameworks including NIST-CSF, NIST-800, ISO-27000, BASEL II, EU DPD, PCI D, HIPAA, SOX.

Salary Range : $184,$ The actual base salary is based on geographic location, and the range is representative of salaries for this role throughout Selective's footprint.

Additional considerations include the candidate's qualifications and experience.

Selective is an Equal Employment Opportunity employer. That means we respect and value every individual’s unique opinions, beliefs, abilities, and perspectives.

We are committed to promoting a welcoming culture that celebrates diverse talent, individual identity, different points of view and experiences and empowers employees to contribute new ideas that support our continued and growing success.

Building a highly engaged team is one of our core strategic imperatives, which we believe is enhanced by diversity, equity, and inclusion.

We expect and encourage all employees and all of our business partners to embrace, practice, and monitor the attitudes, values, and goals of acceptance;

address biases; and foster diversity of viewpoints and opinions.

Selective maintains a drug-free workplace.

LI-SB1

LI-hybrid