Risk Management: Conduct comprehensive risk assessments and security audits, focusing on identifying and mitigating potential vulnerabilities in the organization's IT infrastructure and processes.
Data Privacy and Security: Oversee the protection of sensitive data, implementing robust data privacy and security measures, and ensuring compliance with relevant laws and regulations.
Access Control: Manage and optimize access control systems, ensuring secure authentication and authorization processes for both physical and digital assets.
Security Policies and Compliance: Develop, update, and enforce security policies and procedures, ensuring compliance with industry standards and regulatory requirements.
Security Awareness and Training: Lead security awareness programs and training initiatives, educating staff on best practices, and promoting a culture of security mindfulness.
Incident Management and Response: Direct and coordinate the organization's response to security incidents, ensuring timely and effective management, and recovery from security breaches or attacks.
Physical and IT Infrastructure Security: Oversee the security of both physical facilities and IT infrastructure, ensuring integrated security measures are consistently applied.
Business Continuity and Disaster Recovery: Develop and maintain business continuity and disaster recovery plans, ensuring the organization's resilience in the face of disruptions.
Vendor and Third-Party Security: Manage the security aspects of vendor and third-party relationships, ensuring external services and products meet the organization's security standards.
Hands-On Management: Manage the IT Security and Support team, delegating tasks and ensuring efficient operation of IT support.
10+ years in hands-on IT positions with a focus on risk management, data privacy, access control, and incident response.
Has experience in Information Security positions, analyzing and applying information security risk, risk management, and privacy practices.
Expertise in IT and security tools such as JumpCloud, Okta, CrowdStrike.
Has experience in running cloud infrastructures on AWS.
Demonstrated ability to develop and enforce IT security policies and procedures, and lead security awareness and training programs.
Proven experience with security frameworks and regulatory/compliance requirements like ISO 27001, SOC 2, PCI, GDPR, CCPA, etc.
In-depth knowledge of technology security and defenses against cyber-attacks.
Relevant IT security certifications such as CISSP, CISM, AWS Certified (Plus)
Competitive pay and shares which provide huge upside wealth potential as we disrupt the insurance industry with technology
Our team is fully remote and we're open to hiring anywhere. Our customers are in the US and we require your working hours to fully overlap with the PST time zone.
US Based IT Company
Delivers a combination of technology, real-time service, and sales support to the insurance agency’s customers.