Full-time
Vice President, Chief Information Security Officer - The Hanover Insurance Group - Worcester, MA

Our Information Technology department is seeking a Vice President, Chief Information Security Officer to join our growing team in our Worcester, MA office.

Position summary:
This position reports directly to the EVP, CIO and Chief Technology Innovation Officer. The CISO will develop the strategic vision, resources, and protocols to maintain enterprise IT security and the organization’s cyber security program, mitigate risk, oversee vendor risks, and influence user behavior by elevating the profile and importance of information security at The Hanover. The CISO will also be responsible for managing risks relating to information security, IT business continuity planning, IT crisis management, IT privacy, and designing and monitoring processes to ensure compliance with IT and information security protocols, and applicable data security regulations. The role also directs the adoption and implementation of IT security and risk policies and procedures across the global enterprise. The incumbent will, along with other senior leadership (SLT) members, play a significant role in guiding enterprise risk and the future growth of the company.

This is a Full-time, Exempt role.

Responsibilities/Essential Functions:
Brings together key IT security and risk stakeholders to design, develop, refine and review enterprise IT security and risk strategies, including, the development, implementation and maintenance of the organization’s cyber security program and IT security standards that meet both client requirements and the company’s needs while also evaluating and assessing solutions for any inconsistencies identified. With support from the EVP, CIO and Chief Technology Innovation Office, acts as lead representative on IT information security for clients and external stakeholders. Regularly interfacing with the info-sec and risk mitigation representatives from client and prospect firms, in regards to company policies, procedures and plans regarding information security and risk management. With support from the EVP, CIO and Chief Technology Innovation Office, acts as lead representative with internal and external auditors regarding assessments and testing of information security and risk management. Oversees and monitors compliance with applicable regulations and enterprise security policies and educates business unit leaders and service managers on compliance efforts and requirements. Creates an information security awareness training program to customize communication tools and campaigns for each business unit and integrated services group. Coordinates IT Disaster Recovery, business continuity planning, and 3rd party risk testing and planning maintenance efforts across business units and the integrated services group. Manages various levels of risk tolerance and risk exposure across the organization, and balancing with risk investments. Collaborates with Chief Risk Officer on risk appetite and qualification of risk scenarios. Collaborates and consults with the Cyber Unit relative to emerging IT security risks/trends, service provider due diligence, and development of cyber risk assessment strategies in support of The Hanover’s cyber insurance product offerings. Sets and implements usage and security policies for information sharing on internal and external platforms. Develops mechanisms to proactively sense adoption and usage patterns of consumer technologies by end users so that policies can align with user needs while ensuring data security. Assumes lead role for documenting and understanding data/information flows across geographies to ensure security and protection of data across the company’s global information systems (current and future markets). With support from EVP, CIO and Chief Technology Innovation Office, exercises decision making authority on risk assessments and mitigation, overseeing process to ensure risks have been addressed, acting as policy making authority, creating InfoSec roadmap and technology priorities and solution (tools, vendors) proposals and recommendations, managing department budget. Position Requirements:
Bachelor’s degree in computer science, management information systems, business administration, or related discipline highly desirable. Master’s degree preferred. 8+ years of professional experience in running the information security function, and analyzing and applying information security risk, IT risk management, and privacy practices 10+ years of relevant work experience, including consulting and general industry experience. Demonstrated track record of success with implementing and managing IT info and risk strategies, and managing an IT Information Security team. Understands “voice of the customer” and can align IT strategy with user behaviors, for both internal and external business partners. Fosters and builds a collaborative working relationship with internal and external stakeholders. Strong communications skills and comfort in presenting to a wide range of audiences, including board level, clients, partners and regulators required. Expert in information policy formulation, information security management, IT business risk management, and IT security incident response management. Competent in IT risk assessment and management, IT continuity management, IT governance formulation, and organizational change management. Working knowledge of IT financial management and IT audit. Knowledge of national and international regulatory compliances and frameworks such as ISO, SOX, GDPR, HIPAA, and PCI DSS. Financial or insurance industry experience desirable. Security and auditing certifications, such as GISO, CISSP, and/or CISA, desirable. Personal and Professional Competencies:
An exceptional senior level leader and influencer enterprise-wide across a highly matrixed organization Demonstrated track record of leading high-performance teams toward the successful attainment of challenging goals in support of the corporate business strategy Able to work in an extremely fast-paced, entrepreneurial environment Highly intelligent with crisp communication skills both oral and written Executive presence; ability to convincingly “present” at the Board level if needed Strategic and insightful in their thinking, with good judgment and an intuitive sense of where to look for opportunities to support the business Decisive and appropriately resolute, but open-minded An innovative and entrepreneurial thinker Able to trade-off the risks and rewards in a particular situation while also considering the big picture of company-wide impact, industry trends, regulatory requirements and strategic implications Able to achieve credibility with and provide guidance to the CEO, ELT, SBU leaders and the Board if needed Someone with a proven track record of working hand in hand with SBU leaders, rolling up their sleeves (if needed) to get the job done An aggressively collaborative, team player with strong results orientation and sense of urgency A skilled team builder who is able to attract, develop and retain the very best talent. EEO statement:
“The Hanover values diversity in the workplace and among our customers. The company provides equal opportunity for employment and promotion to all qualified employees and applicants on the basis of experience, training, education, and ability to do the available work without regard to race, religion, color, age, sex/gender, sexual orientation, national origin, gender identity, disability, marital status, veteran status, genetic information, ancestry or any other status protected by law.
Furthermore, The Hanover Insurance Group is committed to providing an equal opportunity workplace that is free of discrimination and harassment based on national origin, race, color, religion, gender, ancestry, age, sexual orientation, gender identity, disability, marital status, veteran status, genetic information or any other status protected by law.”
As an equal opportunity employer, Hanover does not discriminate against qualified individuals with disabilities. If you require a reasonable accommodation, as a candidate for employment, please inform The Hanover Talent Acquisition office.

Apply for this job  or Save to My Jobs

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.