Director, Chief Information Security Officer

<strong>AF Group (Lansing, Mich.) and its subsidiaries are a premier provider of innovative insurance solutions. Insurance policies may be issued by any of the following companies within AF Group: Accident Fund Insurance Company of America, Accident Fund National Insurance Company, Accident Fund General Insurance Company, United Wisconsin Insurance Company, Third Coast Insurance Company, or CompWest Insurance Company.</strong>

Lansing, USA

AF Group

<p class="p1"><strong>AF Group&rsquo;s focused and passionate team uses industry-leading best practices, analytics and resources to manage risk and minimize loss for our policyholders while strengthening businesses with our valued independent agent partners.</strong></p> <p class="p1"><strong>We strive to continuously increase the long-term value of our organization by outperforming our industry peers and fostering a culture of underwriting and claims excellence.</strong></p>

keywords: summary,job description,leadership,risk management,planning,performance,other duties,supervisory,education & experience,proficiency,communication,initiative,skills


Competitive Compensation and Benefits Package

Overview: <br /> <p>Headquartered in Lansing, Mich.,&nbsp;<a href="" target="_blank" rel="noopener noreferrer">AF Group</a>&nbsp;is a nationally recognized holding company whose affiliated insurance brands are premier providers of innovative, specialty insurance solutions. The strength of AF Group and its brands ensures that our customers have access to knowledgeable insurance professionals and the support needed to keep costs down and workers safe.</p> <p>Working at AF Group is more than a job. It is a career at one of the most dynamic, innovative, and successful insurance companies in the nation. In fact, we&rsquo;ve been named a Best Place to Work in Insurance by&nbsp;<em>Business Insurance</em>&nbsp;magazine for a decade.<br /><br /><br /></p> <p><strong>SUMMARY:<br /><br /></strong></p> <p>The Chief Information Security (IS) Officer is responsible for building and maintaining the vision, strategy and programs required to ensure information assets are appropriately protected. This role establishes and leads the information security and assurance function, provides oversight for personnel with significant IS-related duties and assists senior leadership. Overall, this role ensures that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately.</p>
Responsibilities: <br /> <ul> <li><a target="_blank">Drive and maintain the IS risk management function, including the oversight and training of information security personnel, the development of information security programs and the identification and mitigation of information security risks.</a></li> <li>Design a Security Operations Center (SOC) capable of implementing the programs and processes and leading an incident response plan. Develop metrics reporting to communicate effectiveness of SOC to leadership.</li> <li>Works proactively with IT, business units, and leaders regarding major systems, strategic and tactical plans, and application changes to ensure that IS standards and issues are addressed early in a project&rsquo;s life and incorporated into the resulting program.</li> <li>Leads and aligns programs, processes and strategies to design a threat assessment framework, monitors the emergence of new threats and vulnerabilities, assesses impacts and drives responses as appropriate.&nbsp;</li> <li>Establishes an IS and risk management functional capability and framework across the enterprise.</li> <li>Ensures that IS and risk is adequately represented on relevant business and governance forums and is known, well-integrated, and addressed across the enterprise.</li> <li>Maintains relationships with local, state, and federal law enforcement and other related government agencies regarding cyber security incidents, like ransomware.</li> <li>Monitors compliance with IS policies, standards, and processes and enforces remediation of non-compliance.</li> <li>Oversees the development and maintenance of IS policies, including standards and processes that fit the organization at all levels.</li> <li>Provides vision, leadership, planning, project coordination, and management for the development of a cost-effective department, while concurrently facilitating efficient operations to meet current and future business needs within the organization.</li> <li>Represents Company in community and industry, programs, and conferences.</li> <li>Functions as the department head in the absence of the executive leader.</li> <li>Participates in the development of annual departmental budget, monitors budget, and identifies budget discrepancies</li> </ul> <br /><br /><br /> <p><strong>SUPERVISORY RESPONSIBILITIES:<br /><br /></strong></p> <ul> <li>Directly supervises a varied number of employees in the designated department(s).</li> <li>Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws.</li> <li>Responsibilities include interviewing, hiring and training employees; planning, assigning and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.</li> </ul>
Requirements: <br /> <p><strong>EDUCATION AND EXPERIENCE:<br /><br /></strong></p> <ul> <li><em>Relevant combination of education and experience may be considered in lieu of degree.</em></li> <li><strong>Ten&nbsp;</strong>years of progressively more responsible experience in an IS environment with demonstrated technical experience</li> <li><strong>Five&nbsp;</strong>years of management or supervisory experience in IS required</li> <li>Bachelor&rsquo;s degree in Computer Science or a related field required.</li> <li>Certification, such as CISA, CISM, or CISSP preferred</li> <li>HITRUST experience preferred</li> <li>Experience leading information risk, security and governance teams, transforming functions and changing culture, and leading the response to incidents, crises, and investigations preferred.</li> </ul> <br /> <p><strong>QUALIFICATIONS:</strong></p> <p>To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.<br /><br /><br /></p> <p><strong>OTHER SKILLS AND ABILITIES:<br /><br /></strong></p> <ul> <li>Excellent oral and written communication skills.</li> <li>Excellent presentation and facilitation skills.</li> <li>Demonstrated leadership and project management abilities.</li> <li>Ability to make competent, independent decisions.</li> <li>Ability and proficiency in the use of computers and Company standard software specific to the position.</li> <li>Bilingual skills preferred.</li> <li>Deep understanding of the enterprise information security architecture, discipline, processes, concepts, and IS best practices.</li> <li>Demonstrated consultative approach to driving change and deploying controls.</li> <li>Knowledge of technological trends and developments in IS and risk management.</li> <li>Knowledge of information security and risk control frameworks, as well as business continuity and IT disaster recovery frameworks.</li> <li>Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction, in a culturally diverse, matrix management environment.</li> <li>Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including executive managers and vendors.</li> <li>Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion.</li> <li>Must demonstrate leadership ability and team-building skills to effectively supervise professional and non-professional staff and interact with all levels of management.</li> </ul> <br /><br /><br /> <p><strong>ADDITIONAL INFORMATION:<br /><br /></strong></p> <p>The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. This job description does not constitute a contract for employment.</p>