Information Security Director

Church Mutual Insurance Company

Merrill, WI
Paid
  • Responsibilities

    The Information Security Director manages information security operations and develops strategies to ensure that Church Mutual Group’s digital assets are protected and remain confidential, and to ensure the integrity and availability of all systems. This role is also responsible for communicating risk to senior management and for creating, maintaining, and enforcing policies and information security processes to ensure compliance with regulatory requirements. To support these activities, the Director coordinates activities with other departments, including the evaluation, procurement, and deployment of security-related products, and develops and coordinates information security awareness and education programs. The Director will ensure that annual risk assessments and business impact analyses are performed in a timely manner, lead the incident response team, and ensure that security is maintained for disaster recovery and incident response plans. Supervisor responsibilities include staffing, training and development, performance management, and workforce planning.

     

    PRIMARY JOB RESPONSIBILITIES

    Supervisor/Manager responsibilities may include all of the following:     

    • Staffing needs, to include interviewing and onboarding for new employees.
    • Training and development, as well as coaching and motivation for staff.
    • Performance Management, goal setting, employee engagement, and salary administration.
    • Workforce management, including unit equipment, software, and space needs; approving time off and overtime usage; and budget recommendations.

      

    Manage and allocate resources to IT areas to ensure the achievement of business goals. Accountable for team service delivery performance and for the impact of the results on IT and the business. Communicate strategy and develop plans to foster high level of staff engagement.

    Responsible for the effective acquisition, deployment, and integration of information technology solutions. Ensure effective deployment and flexibility in meeting changing business needs. Develop plans and completion criteria and coordinate efforts of team members, vendors, subcontractors, and CMIC personnel.

    Enable the organization's flexibility through effective leadership and direction. Ensure availability of technology resources with the appropriate knowledge and skills.

    Maintain contact with senior IT management and communicate problem progress/status, risk management, and business satisfaction updates. Provide regular reporting on the current status of the information security program and significant incidents to senior IT management and the Board of Directors.

    Create and manage a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.

    Assist departments in fulfilling their information security requirements and assessing department-level compliance.

    Align information security vision and strategy with CISO, organizational business objectives and priorities.

    Oversee the approval, annual review and publication of information security policies and standards.

    Provide input for the IT section of the company's code of conduct.

    Work with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other regulatory requirements, such as data privacy.

    Collaborate with Compliance on reporting and escalating security incidents; as necessary, lead security incident response efforts.

    Establish security metrics, tracking the progress of the Corporate Information Security Program, and coordinate with other corporate governance and risk entities.

    Establish and document information security standards in the PMLC and SDLC processes and provide appropriate review of projects to assess information security policies, practices, and guidelines.

    Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.

    Conduct vulnerability scanning, facilitate the vulnerability management process, and escalate as required for critical vulnerabilities and threats.

    Participate in department capital, expense, and compensation budgeting.

    Perform vendor negotiations, contract management, escalation, purchase request, and invoice verification.

    Required Skills

    • Financial management including budgeting and strategic planning.
    • Knowledge of common information security management frameworks, such as ITIL, NIST Cybersecurity Framework and Critical Security Controls.
    • Knowledge of SDLC methodologies.
    • Knowledge of business risk management.
    • Strong knowledge of MS Office tools.
    • Strong in character, high degree of personal integrity and ability to build trust.
    • Proven ability to deliver results.
    • Ability to lead and mentor staff in a changing environment and provide career development coaching through influence.
    • Excellent strategic thinking and planning skills.
    • Effective collaboration skills.
    • Effective interpersonal, written, verbal and listening communication, as well as public speaking and presentation skills.
    • Strong problem-solving skills.

    Required Experience

    • Bachelor's degree in related field (e.g., business, finance, or technical) or equivalent experience required.
    • 10+ years technical experience working in an IT organization required.
    • 10+ years leadership/management experience required.
    • Insurance industry experience preferred.
    • Experience with contract and vendor negotiations.
    • Experience leading operational teams and establishing and monitoring performance metrics.
    • Professional security management certification is required, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials.

     

    Church Mutual Insurance Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

  • Industry
    Financial Services