Director - IT Security

11 - 15 years experience  •  Insurance

Salary depends on experience
Posted on 09/21/17
Montpelier, VT

At National Life Group, we are a mission-driven and purpose-filled business.  For us, the cause of what we do is as important as the products we sell.

At National Life, our story is simple: for more than 167 years we’ve worked hard to deliver on our promises to millions of people with our vision of providing peace of mind in times of need.  It’s our cause, stemming from a deep passion to live our values to do good, be good and make good, every day.

But our mission extends well beyond the insurance and annuities policies that we sell.  Our cause is also to make the world a better place through grants from our charitable foundation, paid time for our employees to volunteer at nonprofits, environmentally sustainable and healthy work sites, and fun, family friendly events that promote the work of nonprofits in our own backyard.

National Life IT is a highly outsourced, multi-vendor environment, including on-shore and offshore teams. Compelling candidates will have demonstrated success working in this kind of heavily outsourced, distributed environment.

Key Responsibilities

  • Manage all of day-to-day information security operations, policies, architecture, and governance.
  • Provide overall information security management direction to the company.  Manage all due diligence for the security function and security systems.
  • Execute key tasks and projects by the security team, ensuring that they stay on track with goals and timelines.
  • Interact internally and externally with senior level management, including the negotiation of extremely critical matters. Influence policymaking.
  • Maintain ownership of the development, compliance and exceptions to information security policies, standards, and procedures.
  • Maintain a strategic framework for guiding year-over-year Information Security investment decisions, defined with sustainable metrics for measuring performance and outcome.
  • Manage relationships with 3rd party providers of service delivery and security monitoring and/or tools to ensure assets are being protected.
  • Perform risk analysis for corporate functional and technical areas relevant to information security.
  • Make recommendations to management on enhancements to existing and new security hardware, software or related tools. Assist in evaluating, planning, configuring, and implementing new/existing security applications/tools.
  • Ensure security best practices are identified and integrated into all facets of projects including network, system designs/configuration, and implementations.
  • Identify and recommend potential areas where existing data security policies and procedures require change, or where a supplement is required to mitigate key security risks. Partner with various business areas to enhance security policies/procedures.
  • Facilitate internal and external penetration testing and audit participation, where applicable.
  • Lead the identification, response, investigation, and remediation of potential breaches of and issues surrounding information security.
  • Responsible for executing programs for user awareness, compliance monitoring, and security compliance; maintaining information security devices and software; monitoring compliance procedures; and resolving security policy issues.

Job Requirements

  • Bachelor’s degree, preferred in Business or Computer Science; or relevant work experience.
  • Industry certification, CISSP strongly preferred.
  • Minimum of 10 years of leadership experience in information security and minimum of 4 years of information security experience.
  • Must have a diverse security background with knowledge in several areas including: developing and implementing layered security architecture; internet protocols; firewalls; VPN technologies, anti-virus and spam technologies; risk and vulnerability assessments, compliance to implement information security related standards and initiatives.
  • Working knowledge of system auditing concepts.
  • Ability to evaluate risks to the company and articulate issues, develop consensus, raise awareness, and provide and implement solutions.
  • Ability to build and lead teams to achieve business goals.
  • Ability to deliver target outcomes on time and on-budget.
  • Strong understanding of the financial and performance implications of information security-related decisions; capable of developing complete cost-benefit analyses and other key assessments.
  • Demonstrate personal values aligned with our servant leadership tenets.
  • Must have strong organization awareness and result oriented mindset to deliver prompt, efficient, quality service to the business partners.
  • Strong team player and be able to influence others as a leader in the organization.
  • Knowledge and understanding of relevant legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard.
  • Knowledge of common information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, and NIST.