Head of Controls and Security

RiskStream Collaborative Malvern, Pennsylvania

About The Institutes
A not-for-profit organization located in beautiful Malvern, PA, The Institutes have been the leading provider of risk management and property-casualty insurance education for more than 100 years. By living our values—Put the Customer First, Do What You Say, Work Together, Be Innovative and Do the Right Thing—our talented team partners with our customers to deliver innovative solutions that best empower risk and insurance professionals to help those in need. The Institutes have been named a 2019 Top Workplace by Philly.com. We understand the importance of work-life balance and provide excellent benefits and a friendly and team-focused work environment to drive employee engagement.

Head of Controls & Security
The Institutes has an exciting opportunity for an energetic, forward-thinking executive to oversee development and implementation of the information security program for the RiskStream Collaborative, a consortium of insurers, reinsurers, brokers, agents and other industry organizations. The RiskStream Collaborative is a transformational industry-wide effort led by The Institutes to simplify and bring efficiencies to all areas of risk management and insurance through both blockchain/distributed ledger technology and other innovative InsurTech solutions. We are looking for a senior leader with experience leading teams and creating relationships with solutions partners who will directly impact RiskStream’s success by establishing and maintaining an enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

Essential Responsibilities:
* Cyber risk management and strategy – Assist in defining and operating cyber risk management processes (cyber risk identification, risk categorization, risk treatment); assist in defining risk appetite and lead the organization to maintain cyber risk to an acceptable level; create and maintain an information security strategy and road map to meet the defined target-state maturity.
* Security architecture and advisory – Provide policy and standards to IT and business teams to use in development of systems; review security issues and suggest tactical and strategic solutions.
* Operate security services – Lead managed service provider (MSP) to provide security services (e.g., identity and access management, data loss prevention, vulnerability management, security monitoring, incident response).
* Business continuity and resilience – Design and operate processes to continue key business operations in the event of a disaster (man-made, natural, cyber-related, etc.).
* Data regulatory and compliance controls – Provide recommendations on data privacy and associated regulations, such as GDPR, as appropriate.

Education and Experience
* Bachelor’s degree in a relevant field (e.g., Information Systems or related major), MBA or other advanced degree required.
* 15+ years of information security experience along with substantial experience in leading teams and managing MSPs.
* Experience in presenting security posture, road map and issues to Boards or Executive Committees. Ability to decompose and communicate complex risk issues to senior management.
* Proven experience in performing and managing IT and information security assessments and audits related to IT General Controls, ISO 27001, PCI-DSS, SOC reports, physical security, and privacy.
* Proven experience managing across vendor-sourced solutions and consultants, ensuring vendor performance and deliverables meet specifications.
* Familiarity with relevant privacy legislation and standards for the protection of information and customer privacy. Knowledge of GDPR and data protection laws.
* Sound working knowledge of industry leading practices (NIST, ISO, SANS, COBIT, CERT) and Regulatory / Compliance Requirements (SOX, PCI, NY DFS, HIPAA, etc.).
* Experience working on leading digital projects or technologies using cloud-based services is preferred.
* Experience working for a global insurance or financial services firm is preferred.

The Best Part? The Benefits!
To reinforce the importance of work-life balance, employees enjoy excellent benefits, including:
* 401(k) plan with company contribution up to 16%
* Generous time off package that includes paid vacation, personal, sick and holidays
* Paid maternity and parental leave
* Tuition reimbursement
* Medical, dental, vision and prescription coverage
* Free on-site fitness center
* A beautiful 1.25-mile-long walking path!