What are the responsibilities and job description for the Chief Information Security Officer position at HDI Global Insurance Company?
HDI Global Insurance Company is a commercial property and casualty insurer headquartered in Chicago, IL. We are a wholly owned subsidiary of HDI Global SE, which manages the industrial lines division of the Talanx Group. Our broad and flexible portfolio of products and services, combined with our international network of local insurers in more than 150 countries, gives us the ability to offer a wide range of domestic and global insurance solutions for U.S.-based multinational companies.
The Head of Information Security is responsible for developing and executing the information security strategy across the North, Central, and South America (NCSA) regions, with a priority focus on the US. This role focuses on ensuring confidentiality, integrity, and availability of data, systems, and networks critical to business operations, while maintaining compliance with industry regulations. Additionally, the role will work closely with counterparts at the company’s Home Office to align and mature global information security practices, policies, and capabilities. The ideal candidate will bring deep expertise in information security management, regulatory compliance, and risk mitigation, along with extensive experience in the property & casualty insurance industry.
Key Responsibilities
- Information Security Strategy & Execution. Develop and lead the regional information security strategy, aligned with the company’s business goals and global security framework. Define, implement, and maintain security policies, standards, and procedures across the NCSA region, with a priority focus on the US, to ensure protection of company assets and regulatory compliance. Work closely with IT, business units, and other departments to integrate security requirements into technology and business processes.
- Risk Management & Compliance. Oversee risk assessment processes to identify potential threats, vulnerabilities, and compliance gaps; implement controls to mitigate identified risks. Ensure compliance with regional regulatory requirements, such as GDPR, CCPA/CPRA, PIPEDA, GLBA, NYDFS, NAIC Model Law, SOX, PCI-DSS and any relevant industry standards. Lead internal and external security audits, and manage relationships with regulators, auditors, and stakeholders to ensure continuous compliance.
- Collaboration with Global Counterparts. Partner with the Home Office and global security teams to align security frameworks, policies, and best practices. Contribute to global information security maturity initiatives, leveraging insights from regional operations to support worldwide security goals. Share knowledge and best practices with Home Office counterparts to promote a cohesive global security posture.
- Incident Response & Security Operations. Oversee incident detection, response, and recovery processes for security incidents in the region, coordinating with global response teams as needed. Manage security operations, including vulnerability management, threat intelligence, and monitoring of security systems. Develop and maintain a regional incident response plan aligned with global incident response protocols.
- Security Awareness & Training. Drive security awareness programs across the NCSA region, with a priority focus on the US, to foster a security-conscious culture and ensure employees understand security protocols. Provide training and guidance to staff on emerging threats, security best practices, and regulatory changes.
- Leadership & Stakeholder Engagement. Lead, mentor, and develop a high-performing information security team, fostering a collaborative and innovative work environment. Serve as a trusted advisor to senior leadership on information security matters, presenting key metrics, trends, and emerging risks. Engage with business and technology leaders to communicate security risks and influence decision-making on security investments and priorities.
Requirements
- Education: Bachelor’s degree in Computer Science, Information Security, or a related field; advanced degree or equivalent certifications (e.g., GDPR, CCPA/CPRA, PIPEDA, GLBA, NYDFS, NAIC Model Law, SOX, PCI-DSS) are strongly preferred.
- Experience: Minimum of 10 years of experience in information security, with at least 5 years in a leadership role within or consulting to the insurance or financial services industry.
- Domain Knowledge: Deep understanding of information security frameworks (e.g., NIST, ISO 27001), regulatory requirements, and best practices specific to the property & casualty insurance industry.
- Global Experience: Proven track record of working with global teams and aligning regional security practices with global standards.
Technical Skills
- Proficiency in security technologies such as SIEM, IDS/IPS, DLP, firewalls, and encryption.
- Strong experience with cloud security, particularly with AWS, Azure, and/or Google Cloud Platform.
- Familiarity with regional data privacy regulations and compliance standards.
We’re interested in self-motivated individuals who can easily function in a high-demand, performance-driven environment. In addition, we’re looking for people who recognize the accomplishments of the team before the individual and are sought after as people developers. If you’re passionate about problem-solving and helping our business with some of their most complex issues, this role is for you.
- Leads through example by rolling up the sleeves and developing deliverables that serve as training targets for the team.
- Strong organizational skills with the ability to manage multiple tasks and projects simultaneously.
- Strong analytical and problem-solving skills, with attention to detail in identifying and addressing issues.
- Proactive, solution-oriented mindset with the ability to adapt to changes and resolve issues quickly.
- Collaborative and team-oriented, able to build strong relationships across the organization.