VP IT Security and Risk Management (Hybrid)

About Us:

At Selective, we don't just insure uniquely, we employ uniqueness.

Selective is a midsized U.S. domestic property and casualty insurance company with a history of strong, consistent financial performance for nearly 100 years. Selective's unique position as both a leading insurance group and an employer of choice is recognized in a wide variety of awards and honors, including listing in Forbes Best Midsize Employers in 2024 and certification as a Great Place to Work® in 2024 for the fifth consecutive year.

Employees are empowered and encouraged to Be Uniquely You by being their true, unique selves and contributing their diverse talents, experiences, and perspectives to our shared success. Together, we are a high-performing team working to serve our customers responsibly by helping to mitigate loss, keep them safe, and restore their lives and businesses after an insured loss occurs.

Overview:

Selective is seeking a VP of Information Security responsible for leading the information security, risk management, crisis planning, and crisis response functions within the Information Technology department. In the role, you will develop and execute short-term plans and longer-range strategies to mitigate cyber risk by leveraging program maturity assessments, operational reporting, and industry trends. You will also work across teams to ensure alignment with best practices and deliver security enhancement projects. You will lead teams and projects that are complex in nature and/or of strategic importance to the Selective organization, and will have a moderate number of direct reports consisting of senior managers, managers, architects, engineers, and analysts. This is a unique opportunity to lead and develop a motivated team of security professionals and contribute to the strategic direction of the Information Technology Services (ITS) Department within a growing company.

Responsibilities:

• Assists the SVP, IT Enterprise Strategy and Execution, in managing day-to-day information security, cyber risk management, and incident response activities. Responsible for the daily activities, priorities, and coordination of activities of managers and staff in the security and risk management area.
  
• In alignment with business plans, evaluates the enterprise information security program, identifies gaps, develops short-term corrective plans and long-range strategies, and reports on program health to internal and external stakeholders.
  
• Leads planning and response to disaster recovery events and security incident response. Identifies, manages, and communicates security incidents to key stakeholders. Maintains business impact analyses and business crisis plans.
  
• Responsible and accountable for establishing, updating, and delivering a security awareness and training program.
  
• Develops, maintains, and enforces information security policies and procedures in alignment with stated risk appetite, changes in threats, and overall compliance goals.
  
• Oversees all security audits and tasks. Participates in the technical aspects of all IT-related audits and supports internally and externally managed audit activities.
  
• Collaborates with key business and IT leaders to assess, document, and act on information security risks, in alignment with stated risk appetite. Reports to stakeholders on monitored risks as appropriate.
  
• Responsible for planning, delivering, operating, and monitoring security technology, processes, and controls.
  
• Oversee the planning, administration, and performance of the information security and risk management budget, ensuring alignment with organizational priorities and optimal resource utilization.
  

Qualifications:

Knowledge and Requirements

Expert knowledge of current IT Security techniques, software, and hardware.

Ability to plan and control projects.

Knowledge of risk management and cybersecurity frameworks, including NIST-CSF, ISO-27000, SOX, BASEL II, EU DPD, HIPAA, and PCI D.

Requires excellent verbal and written communication skills, previous leadership of multiple, large, cross-functional teams, and excellent time management abilities.

Demonstrate initiative, exercise good judgment, exhibit strong profit orientation, and have the ability to achieve results through influencing others.

Education and Experience

Bachelor’s degree in Computer Science, Information Technology, Engineering, or a related field.

10 years of experience in Information Technology, with at least 7 years of information security or risk management experience.

5 years of management experience with at least 3 years in senior leadership roles.

Security specific certifications, including CISSP, GIAC, or equivalent designation.

Total Rewards:

Selective Insurance offers a total rewards package that includes a competitive base salary, incentive plan eligibility at all levels, and a wide array of benefits designed to help you and your family stay healthy, achieve your financial goals, and balance the demands of your work and personal life. These benefits include comprehensive health care plans, retirement savings plan with company match, discounted Employee Stock Purchase Program, tuition assistance and reimbursement programs, and paid time off plans. Additional details about our total rewards package will be provided during the recruiting process.

The actual base salary is based on geographic location, and the range is representative of salaries for this role throughout Selective's footprint. Additional considerations include relevant education, qualifications, experience, skills, performance, and business needs.

Pay Range: USD $213,000.00 - USD $293,000.00 /Yr. Additional Information:

Selective is an Equal Employment Opportunity employer. That means we respect and value every individual’s unique opinions, beliefs, abilities, and perspectives. We are committed to promoting a welcoming culture that celebrates diverse talent, individual identity, different points of view and experiences - and empowers employees to contribute new ideas that support our continued and growing success. Building a highly engaged team is one of our core strategic imperatives, which we believe is enhanced by diversity, equity, and inclusion. We expect and encourage all employees and all of our business partners to embrace, practice, and monitor the attitudes, values, and goals of acceptance; address biases; and foster diversity of viewpoints and opinions.