Chief Information Security Officer (CISO)

What You'll Do

This executive will architect and lead a forward-looking, enterprise-wide security strategy designed to protect the confidentiality, integrity, and availability of corporate and client information assets. The mandate encompasses network security, endpoint and EDR capabilities, hybrid and multi-cloud security, identity and privileged access management, application security and DevSecOps integration, governance and compliance, vulnerability management, security engineering, and 24x7 Security Operations.

This role is both strategic and operational - responsible for defining multi-year Zero Trust architecture evolution while ensuring measurable improvements in threat detection, incident response, regulatory compliance, and enterprise resilience.

Security strategy must be deeply embedded within enterprise modernization, digital transformation, and cloud initiatives. The CISO will transition the organization from perimeter-centric defenses toward identity-centric and least-privilege models, strengthen privileged access governance, advance micro-segmentation, and implement continuous verification principles aligned to NIST CSF, ISO 27001, FFIEC, NYDFS, NAIC, HIPAA, PCI, FISMA, and SOX requirements.

The CISO serves as executive leader during material cyber events, coordinating cross-functional crisis response across Legal, Risk, Compliance, Communications, and Business Operations. Regular tabletop exercises, resilience simulations, and regulatory examination leadership are core components of the role.

Broadly, the Chief Information Security Officer will:

• Establish and execute a multi-year Zero Trust architecture roadmap.

• Enhance identity-centric controls and least-privilege governance.

• Drive measurable improvements in MTTD and MTTR across Security Operations.

• Elevate regulatory defensibility and audit readiness.

• Embed security architecture within enterprise cloud and digital transformation initiatives.

• Strengthen business continuity, disaster recovery, and cyber resilience posture.

• Build leadership depth and high-performance culture across the cybersecurity organization.

Qualifications

• The ideal candidate will bring 15+ years of progressive cybersecurity leadership experience.

• Ideally, the new CISO will have experience operating within a regulated industry such as insurance or financial services. Experience from other complex and regulated industries will also be considered.

• The successful executive will demonstrate:

• Experience leading organizations of 100+ cybersecurity professionals.

• Proven oversight of 24x7 Security Operations Centers and cyber defense teams

• Deep expertise in Zero Trust architecture and identity-driven security frameworks.

• Strong regulatory fluency across insurance and financial services control environments.

• Executive-level crisis leadership during significant cyber incidents.

• Board-level communication presence and risk articulation capability

• Innate curiosity, able to see around corners, motivated by the desire to "know what we don't yet know"

• Anticipates risk and responds with proactive layered approaches to security

Personal Characteristics

• The ideal candidate will be, first and foremost, a person that typifies strong personal integrity and places significant value on his/her specific business responsive contributions. Additional character traits sought include:

• An influencer - one who leads and empowers people, creates followership, builds connections, removes roadblocks, and acts as an advocate for their team. Facilitates change management - continuously improving outcomes.

• An iterative / complex thinker, comfortable with ambiguity, informal and high-influence leadership style.

• An analytical and financially minded executive that operates within a framework that utilizes well defined metrics, scorecards, OKR's and KPI's.

• An "in-the-trenches" and "hands-on" executive who can immerse themselves in the technology when needed and is a continuous student of the business and industry.

• Proven management and organizational skills working in a fast-paced and high growth environment; experience scaling a company in a dynamic environment.

• A team builder, capable of recruiting talent and developing high potential talent to their full potential.

• Models the company's core principles and values with creditability. Understands the company's history, current business, and future goals.

• A strong leader that balances empathy with determination, defending their position/strategic direction while considering the position of others. Steady handed - operates from a state of balance and is unflappable.

• A visible and engaging leader who engenders purpose, inspires alignment to support a vision and creates followership.

• A leader who focuses not only on relentless execution to a strategy but also on the development of a team of people who enable the company to achieve these ends - this executive will be an inspirational leader and effective at developing people to reach their full potential.

• An executive with considerable experience leading transformational change and continuous innovation.

• Strong partnership and collaborative style with outstanding communication skills - written, verbal and presentation. Engaging, informative, brief, to the point.

• Able to thrive and lever opportunities derived from being a member of a dynamic, highly collaborative executive team where organizational reporting structure and hierarchy do not dictate effectiveness or ability to have impact.

• Fast mover, nimble and decisive with a demonstrated entrepreneurial approach to business process, balancing control with flexibility, procedure with simplicity, and willingness to innovate and change while creating an environment of rigor and discipline.

• Adept at navigating a complex matrix organization that collaborates to realize big picture objectives. Effective at building cross-business-unit rapport and partnerships in order to drive broader, deeper and more impactful relationships with large enterprise accounts.

• Culturally conscious and able to lead, influence and partner across all First American business lines on a global basis.

• Balances high levels of personal initiative and drive with poise, maturity, flexibility, and patience. Effects change through determination and professional influence.

• Demonstrated agility learned from working in both large and complex organizations as well as smaller, earlier stage and growth-oriented companies. Able to apply learnings situationally to ensure that people, process and technology decisions are nimble, adaptable but also represent responsible levels of rigor.

Education

• The successful candidate should hold an undergraduate degree from an accredited institution; an applicable master's degree or an MBA is highly desirable. Relevant cybersecurity certifications such as CISSP, CISM, or CRISC are strongly preferred.