Jobs · Information Technology · New Jersey

Chief Information Security Officer (CISO)

Hippo Insurance · New Jersey, United States · 1 wk ago
HybridInformation TechnologyFull-time

About the role

Hippo is hiring a Chief Information Security Officer to lead cybersecurity strategy, security operations, and governance, risk, and compliance across the enterprise. You will be responsible for protecting Hippo's systems, data, and customers against an evolving threat landscape while ensuring the company meets its regulatory and compliance obligations as a publicly traded, multi-state insurance carrier.

This role owns Hippo's SOC 2 program, leads security operations, and drives compliance with applicable state and federal cybersecurity regulations. You will also own identity governance, privacy and data protection strategy, and third-party risk management.

Responsibilities

  • Further develop and execute Hippo's enterprise cybersecurity strategy, aligned with business risk appetite and regulatory requirements
  • Build and lead the security operations function, including threat detection, incident response, vulnerability management, and threat intelligence
  • Own Hippo's SOC 2 program end-to-end, including control design, evidence collection, readiness assessments, and auditor engagement
  • Lead the governance, risk, and compliance function, maintaining the cybersecurity risk register, policy framework, standards, and control library
  • Drive compliance with applicable state and federal cybersecurity and insurance regulations
  • Support SEC cybersecurity disclosure obligations in coordination with Legal and Finance
  • Own identity governance, including access certification, privileged access management policy, and separation of duties enforcement
  • Own privacy and data protection compliance strategy, partnering with Legal on data handling, breach notification, and policyholder data protection
  • Manage the third-party and vendor cybersecurity risk management program
  • Report to the Board of Directors and Audit and Risk Committee on cybersecurity posture, risk trends, and incident activity
  • Build and lead the security engineering function, owning secure design standards and threat modeling practices that ensure security is embedded from architecture through to deployment
  • Mentor and develop the cybersecurity team and drive a culture of security awareness across the organization
  • Own cybersecurity budgeting, roadmap planning, and technology rationalization
  • Own disaster recovery and business continuity planning across the enterprise, working closely with the CIO and CTO to drive regular testing, validate recovery capabilities, and ensure organizational resilience is aligned to business and cybersecurity risk
  • Lead the enterprise response to supply chain vulnerabilities across open-source dependencies and third-party service providers, owning risk assessment, mitigation, and remediation

Requirements

  • 10+ years of progressive experience in cybersecurity or information security, with at least 5 years in a senior security leadership role (CISO, VP of Security, or Head of Information Security)
  • Experience at a regulated, publicly traded company, including direct involvement in SOX audit cycles
  • End-to-end ownership of a SOC 2 program, including control design, audit preparation, and remediation
  • Experience with cybersecurity regulations in a regulated industry (financial services, insurance, or healthcare preferred)
  • Strong GRC background with experience maintaining risk registers, policy frameworks, and control libraries
  • Proven ability to present cybersecurity risk and incident information to boards of directors, audit committees, and regulators
  • Experience managing third-party and vendor cybersecurity risk programs
  • Excellent cross-functional leadership skills with a track record of partnering effectively with Legal, Finance, Internal Audit, and Engineering

Qualifications

  • Must have a bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field
  • Must have a current CISSP, CISM, CRISC, or CISAW certification

Skills

  • Strong understanding of cybersecurity principles and best practices
  • Experience with security operations, threat hunting, and incident response
  • Knowledge of regulatory compliance requirements and auditing processes
  • Ability to communicate complex technical concepts to non-technical audiences
  • Strong problem-solving and decision-making skills
  • Excellent project management and organizational skills
  • Ability to work independently and as part of a team

Benefits and Perks

  • Healthy Hippos Benefits - Multiple medical plans to choose from and 100% employer-covered dental & vision plans for team members and their families
  • Equity - Eligible for equity compensation
  • Training and Career Growth - Training and internal career growth opportunities
  • Flexible Time Off - Recharge when you need to
  • Little Hippos Program - 12 weeks of parental leave for primary and secondary caregivers
  • Hippo Habitat - Snacks and drinks available and catered lunches for onsite employees
  • Hippo is an equal opportunity employer

Similar jobs