BITCO Corporation is seeking a Director, Cybersecurity, to join our home office located in Davenport, IA. As a respected specialty insurer with 11 branch offices across 10 states, BITCO delivers tailored insurance solutions to complex industries such as construction, forest products, and oil and gas. This position is open to a hybrid work arrangement, blending flexibility with meaningful in-person collaboration.
Position Summary:
The Director, Cybersecurity is responsible for overseeing all aspects of cybersecurity and IT compliance/audit shared services information systems, ensuring we remain protected against cyber threats and in compliance with regulatory and company governance. This role will help lead the strategy, prioritization, implementation, and continuous improvement of the company's cybersecurity/compliance/audit frameworks, policies, and processes. This includes managing a team of cybersecurity professionals across application/data, identity access management, operations, and audit/compliance. This key role combines firsthand technical activities with leadership responsibilities, managing a team of security and compliance professionals to safeguard our company.
Primary Responsibilities:
- Build and drive our cybersecurity program, strategy, implementation, and maturity roadmap and controls reporting in partnership with our CIO and Old Republic Business Information Security Officer (BISO)
- Directs the work of the Cybersecurity team, including the quality, quantity, and timeliness of work to meet organization, department, and project goals and objectives
- Maintains direct credibility across all facets of cybersecurity including networks, applications, SaaS platforms, end-point protection, vulnerability management, and vendor/supply chain management
- In partnership with business and IT leadership, establish, manage, and implement a multi-year cybersecurity roadmap
- Establish security-by-design principles across infrastructure, applications, and enterprise data
- Identify, evaluate, and mitigate risks that could impact the organization. This includes analyzing and responding to potential risk scenarios, assessing their impact, and developing strategies to manage or mitigate risks
- Partner with and mentor the operations teams across M365 hardening, cloud security, network design, endpoint security, vulnerability/patch management and threat analysis and remediation
- Engages and partners across IT Leadership and Business Teams to ensure security and audit best practices and standards are integrated into all workstreams to ensure a security/audit mindset with appropriate artifact collection
- Lead the review and strengthening of the Business Disaster Recovery, Business Continuity, and Incident Response plans, including the annual review and testing processes
- Lead the development and implementation of recovery plans to restore normal operations after a security incident
- Prepare reports and maintain detailed records on governance, risk management, and compliance activities; Prepare detailed reports on security incidents, threats, and overall security landscape. Documents processes, incidents, and lessons learned
- Coordinate and work with BITCO and ORI Internal Audit for all requests, using members of the broader organization to ensure responses and controls are completed in a timely, consistent, and auditable fashion
- Monitors and restricts access to sensitive, confidential, or other high-security data
- Oversee and govern the performance of regular system audits and updates to ensure security controls are effective
- Participate in IT Change Advisory Board to ensure production releases meet documented security standards
- Collaborates with users to discuss computer information access needs, to identify security threats and violations, and to identify and recommend needed programming or process changes
- Uses data encryption, firewalls, and other appropriate security tools and applications to conceal and protect transfers of confidential digital information
- Develops and implements plans to safeguard digital data from accidental or unauthorized modification, destruction, or disclosure; adheres to emergency data processing needs
- Reviews violations of security procedures; coordinates and provides training to ensure violations do not recur
- Modifies security files and applications as able and necessary to provide specialized access, allow new software to be installed or integrated, or correct errors
- Performs risk assessments, audits, and tests to ensure proper functioning of data processing activities and security measures
- Safeguards system security and improves overall server and network efficiency by training users and promoting security awareness
- Determines virus protection standards and systems by monitoring current reports of computer viruses; facilitates or performs needed updates
- Stay updated with the latest security trends and technologies, and continuously seeks to improve the organization's security posture
- Maintains current company and department procedures. Assigns work, provides training and feedback to team members, and conducts timely and appropriate evaluations of job performance in the department
- As a management representative, consistently acts in the best interest of BITCO and provides leadership and communication to actively promote BITCO's mission, values, and culture
- Performs other duties as assigned
Qualifications:
- Bachelor's Degree in Computer Science, related field, or equivalent experience required
- At least 10+ years' experience in IT Security required; prior experience leading cybersecurity initiatives within an IT team preferred
- Minimum 5+ years' experience managing and/or directing a Cybersecurity team
- Proficiency and experience with the following:
  - IT security risks and mitigation strategies
  - Security Incident Response
  - Security frameworks, including ISO, NIST and MITRE ATT&CK
  - Company IT and HR policies
  - Various IT security-related regulatory requirements
  - IT security logging and monitoring strategies
  - Deployment and use of sophisticated IT security monitoring tools
- Ability to identify risks, risk mitigation opportunities, and resistance, welcome constructive conflict, and build solutions
- Excellent communication, interpersonal, and presentation skills; ability to work effectively with all levels of the organization
- Proven ability to appropriately handle sensitive data and maintain confidentiality
Benefits:
- Competitive salary paired with a comprehensive benefits package
- Generous paid time off, plus 12 paid holidays annually
- Comprehensive health coverage, including medical, dental, and vision plans
- Additional protection through accident, critical illness, and hospital indemnity insurance
- Company-paid life insurance equal to 2× annual salary
- Company-paid short-term and long-term disability coverage
- 401(k) Savings and Profit-Sharing Plan through Old Republic
- Ongoing education, training, and professional development opportunities
- Support for industry certifications and insurance designations, including financial assistance
- Flexible scheduling with a two-hour window for start and end times within a 7.5-hour workday
- Opportunities to give back through corporate philanthropy and community service initiatives
- Optional benefits including travel, commuter, and pet insurance
- Employee wellness support through a dedicated fitness program