Head of Security
Ignyte Insurance · Conshohocken, PA · 3 wk ago
On-siteInformation TechnologyFull-time
About the role
Ignyte Insurance Services is a fast-moving, multi-entity insurance company that leverages cybersecurity to support its acquisition strategy. The Head of Security oversees the entire security program, including engineering, operations, governance/risk/compliance, and incident response.
Responsibilities
- Own day-to-day security operations: detection & response, EDR/XDR, email security, endpoint management, SIEM/log management, and vulnerability management.
- Drive measurable gains in detection coverage, mean time to detect/respond, and operational maturity.
- Manage MDR/MSSP and tooling vendor relationships.
- Lead security posture across Microsoft Azure and Microsoft 365 / Entra ID (Defender suite, conditional access, identity governance, and privileged access).
- Operate cloud security posture management and drive remediation to closure.
- Lead pre-acquisition cyber due diligence: external attack surface mapping, gap assessment, etc.
- Own post-close security integration (onboarding acquired entities onto the common baseline, rationalizing overlapping tooling, and supporting TSA stand-up and exit).
- Own the incident response program (playbooks, tabletop exercises, forensics/vendor coordination, and executive communication during incidents).
- Own the GRC function: security risk management, the risk register, policy and standards, and control-framework alignment (NIST CSF / CIS Controls).
- Run the security exception, remediation, and risk-acceptance process and surface residual risk to executive leadership.
- Lead, mentor, and grow the security team.
- Build global relationships within a matrixed organization.
- Own the security operations budget and roadmap; report posture and risk to the CISO and leadership.
Requirements
- 10+ years in information security, including 4+ years in security leadership.
- Deep, hands-on expertise with the CrowdStrike suite of tools, including Falcon (EDR/XDR, threat hunting, response, Spotlight).
- Strong Microsoft Azure and Microsoft 365 / Entra ID security expertise (Defender, conditional access, identity governance).
- Hands-on incident response leadership and modern SecOps practices (detection engineering, vulnerability management).
- Experience in a regulated industry (insurance or financial services), with working knowledge of NYDFS 23 NYCRR 500 or a comparable regime.
- Demonstrable experience with email threat detection and endpoint management, log management/detection (SIEM), and external attack surface management.
Preferred Qualifications
- Previous MSP/MSSP experience highly desired.
- Experience in a highly acquisitive, multi-entity environment.
- Insurance, MGA/MGU, or brokerage industry background.
- Relevant certifications (e.g., CISSP, CCSP, Azure Security Engineer, GIAC).
- Track record standing up or maturing a security program through rapid inorganic growth.
- Experience in M&A cyber due diligence and integration, assessing and onboarding acquired companies onto a common security baseline.