VP, IT Security & Risk Management (Hybrid)

About UsAt Selective, we don't just insure uniquely, we employ uniqueness.Selective is a midsized U.S. domestic property and casualty insurance company with a history of strong, consistent financial performance for nearly 100 years. Selective's unique position as both a leading insurance group and an employer of choice is recognized in a wide variety of awards and honors, including listing in Forbes Best Midsize Employers in 2024 and certification as a Great Place to Work® in 2024 for the fifth consecutive year.Employees are empowered and encouraged to Be Uniquely You by being their true, unique selves and contributing their diverse talents, experiences, and perspectives to our shared success. Together, we are a high-performing team working to serve our customers responsibly by helping to mitigate loss, keep them safe, and restore their lives and businesses after an insured loss occurs. OverviewSelective is seeking a VP of Information Security responsible for leading the information security, risk management, crisis planning, and crisis response functions within the Information Technology department.  In the role, you will develop and execute short-term plans and longer-range strategies to mitigate cyber risk by leveraging program maturity assessments, operational reporting, and industry trends.  You will also work across teams to ensure alignment with best practices and deliver security enhancement projects.   You will lead teams and projects that are complex in nature and / or of strategic importance to the Selective organization, and will have a moderate number of direct reports consisting of senior managers, managers, architects, engineers, and analysts.  This is a unique opportunity to lead and develop a motivated team of security professionals and contribute to the strategic direction of the Information Technology Services (ITS) Department within a growing company.ResponsibilitiesLeads the day-to-day activities of our information security, cyber risk management, and incident response team. Responsible for the daily activities, priorities, and coordination of work across management, technical staff, and consultants.Evaluates the enterprise-wide information security program, identifies gaps, executes short-term corrective plans, develops long-range strategies, and reports on program health to internal and external stakeholders, ensuring alignment with overall business plans.Leads planning and response to disaster recovery events and security incidents. Identifies, manages, and communicates security incidents to key stakeholders.  Maintains up to date business impact analyses and business crisis plans.Responsible and accountable for establishing, updating, and delivering a security awareness and training programs across the enterprise.Develops, maintains, and enforces information security policies and procedures in alignment with stated risk appetite, changes in threats, and overall compliance goals.Oversees all security audits and tasks. Participates in the technical aspects of all IT related audits and supports internally and externally managed audit activities.Collaborates with key business and IT leaders to assess, document, and act on information security risks, in alignment with stated risk appetite. Reports to stakeholders on monitored risks as appropriate.Responsible and accountable for the hiring, development, and performance management of staff within the security organization.Responsible and accountable for the planning, administration, and performance of the information security and risk management budget.QualificationsKnowledge and Requirements10 years IT experience with at least 7 in the information security and / or information risk management space.5 years leadership experience that includes development and management of managers or directors.Bachelors or greater degree in related discipline preferred.Security specific certifications (CISSP, GIAC, CISM, etc.) strongly preferred.Excellent communication skills with experience interacting and presenting to staff and leaders across technology and business areas, including executive leadership.Experience planning and controlling projects that deliver advance security program maturity.Must have expert level knowledge of current IT security techniques, industry trends, suppliers, and technology. Knowledge of risk management & cyber-security frameworks including NIST-CSF, NIST-800, ISO-27000, BASEL II, EU DPD, PCI D, HIPAA, SOX.Total RewardsSelective Insurance offers a total rewards package that includes a competitive base salary, incentive plan eligibility at all levels, and a wide array of benefits designed to help you and your family stay healthy, achieve your financial goals, and balance the demands of your work and personal life. These benefits include comprehensive health care plans, retirement savings plan with company match, discounted Employee Stock Purchase Program, tuition assistance and reimbursement programs, and paid time off plans. Additional details about our total rewards package will be provided during the recruiting process.The actual base salary is based on geographic location, and the range is representative of salaries for this role throughout Selective's footprint. Additional considerations include relevant education, qualifications, experience, skills, performance, and business needs. Pay RangeUSD $184,000.00 - USD $253,000.00 / Yr. Additional InformationSelective is an Equal Employment Opportunity employer. That means we respect and value every individual’s unique opinions, beliefs, abilities, and perspectives. We are committed to promoting a welcoming culture that celebrates diverse talent, individual identity, different points of view and experiences – and empowers employees to contribute new ideas that support our continued and growing success. Building a highly engaged team is one of our core strategic imperatives, which we believe is enhanced by diversity, equity, and inclusion. We expect and encourage all employees and all of our business partners to embrace, practice, and monitor the attitudes, values, and goals of acceptance; address biases; and foster diversity of viewpoints and opinions.

Salary : $184,000 - $253,000