Business Information Security Officer
About the role
The Business Information Security Officer, North America P&C serves as the senior security leader and strategic partner to the North America P&C business and technology organizations. Reporting to the Chief Business Technology Officer, North America P&C, this role works across business units to improve transparency, accelerate security outcomes, and strengthen the organization’s ability to operate securely and resiliently.
Responsibilities
Partner with enterprise security teams to shape and influence security policies, standards, implementation approaches, and business-aligned security priorities.
Manage segment security posture in alignment with the security ambassador scorecard and supplement enterprise scorecard reporting with segment-level controls.
Ensure strong understanding of enterprise security requirements and identify gaps, inconsistencies, and implementation challenges across business units.
Translate enterprise security objectives into practical, actionable plans for North America P&C.
Provide leadership visibility into security posture, risks, remediation progress, and operational challenges.
Facilitate alignment between enterprise security, business leadership, and technology teams to improve consistency, execution, and accountability.
Develop a deep understanding of the technology landscape across federated business units, including applications, infrastructure, platforms, integrations, and operational processes.
Partner with business and technology leaders to define security roadmaps aligned to business priorities and operational realities.
Drive adoption of secure-by-design principles and proactive security practices across new initiatives, technology changes, and transformation efforts.
Promote early security engagement during planning, architecture, engineering, and delivery phases.
Help business units prioritize and accelerate remediation of critical vulnerabilities and control gaps.
Collaborate with architecture teams to recommend security-focused architectural improvements and strategic technology direction.
Identify systemic blockers impacting security outcomes and recommend practical solutions to improve execution velocity.
Partner with the PMO and leadership teams to influence funding, prioritization, and sequencing decisions related to security initiatives.
Advocate for investments that improve resilience, reduce operational risk, and strengthen long-term security maturity.
Support enterprise and business-led transformation initiatives to ensure security considerations are embedded appropriately.
Design and implement a remediation-focused Center of Excellence supporting the broad technology landscape of North America P&C.
Build scalable processes, standards, and engineering practices that improve remediation consistency and effectiveness.
Provide advisory and hands-on support to business units on architecture, engineering, vulnerability remediation, and secure implementation practices.
Establish repeatable approaches to accelerate remediation timelines and improve risk reduction outcomes.
Drive collaboration between infrastructure, engineering, application, cloud, and security teams to improve execution and accountability.
Develop meaningful metrics, reporting, and dashboards that provide transparency into security posture, remediation progress, operational risks, and business impact.
Monitor emerging risks, technology changes, and operational trends that may impact the organization’s security posture.
Promote measurable outcomes and data-driven decision-making across security and technology initiatives.
Support cyber resilience, recovery preparedness, and operational continuity initiatives across the organization.
Qualifications
You have 10+ years of experience in information security, cybersecurity, technology risk, or enterprise technology leadership roles.
You have experience working within complex, federated, or multi-business-unit organizations.
You have demonstrated success partnering with senior technology and business leaders to drive security transformation, operational improvements, and risk reduction.
You bring strong knowledge of enterprise security frameworks, vulnerability management, remediation practices, security architecture, and operational risk management.
You are comfortable influencing enterprise governance, technology prioritization, and strategic investment decisions.
You have familiarity with cloud technologies, infrastructure security, application security, identity and access management, and cyber resilience practices.
Preferred Experience
Experience within insurance, financial services, or another highly regulated industry.
Experience leading or building security engineering, remediation, or security operations functions.
Experience working with PMO, enterprise architecture, and governance organizations.
Familiarity with secure-by-design practices and modern software development and cloud engineering methodologies.
Experience presenting to executive leadership and driving cross-functional alignment.
What You Bring
You have a Bachelor’s degree in Information Security, Computer Science, Information Technology, Engineering, or a related field.
You have relevant certifications such as CISSP, CISM, CRISC, SABSA, or equivalent industry certifications.
You are a strategic thinker with strong operational execution capability.
You are a collaborative leader capable of influencing across business and technology functions.
You are a strong communicator with excellent stakeholder management skills.
You are pragmatic and solutions-oriented, with the ability to balance security, operational, and business objectives.
You have a data-driven mindset with the ability to translate complex risks into actionable priorities.
You are comfortable operating in fast-moving environments with competing priorities and organizational complexity.