With a company culture rooted in collaboration, expertise and innovation, we aim to promote progress and inspire our clients, employees, investors and communities to achieve their greatest potential. Our work is the catalyst that helps others achieve their goals. In short, We Enable Possibility.
The Company
Arch Capital Group Ltd. is a Bermuda-based company which provides insurance, reinsurance, and mortgage insurance on a worldwide basis. Arch Capital Services Inc. provides support and expertise to entities across ACGL to help them operate effectively and efficiently. Arch is committed to helping its associates create what is next by providing access to a variety of programs supporting your professional development and a culture that encourages innovation, collaboration, and professional growth. We seek talent that thinks innovatively, values collaboration and will go the extra mile to serve our customers and develop our company.
Job Summary
The Director, Information Security is a visionary leader responsible for overseeing the operations of the Arch Reinsurance Group’s security solutions and compliance to ensure that information assets are adequately protected with acceptable levels of control. This role reports to the Chief Security Officer (CSO) and is responsible for the security strategy, security program oversight, and security architecture development and implementation. A strong communicator, the person possesses a demonstrated ability to conceive, construct, and advance business and technology solutions, and stakeholder sponsorship to support organizational information security projects and initiatives. Travel as needed.
*This is a hybrid (three-times-a-week) in-office role in our Farmington, CT, Morristown, NJ, or White Plains, NY offices.
Responsibilities
Manage data and information risks related to product development, technology solutions, crisis management, data privacy, and regulatory compliance.
Guide the development of the information security technical architecture and security standards, controls, procedures, and guidelines for computer platforms, applications, and networks including utilization of cloud technologies.
Responsible for all security audits required by customers and governmental agencies.
Work with the Global CISO and other Arch entities' security teams and functional areas to implement practices that meet defined policies and standards for information security.
Implement Security & Risk Management Frameworks.
Coordinate information security and risk management projects with technology and operations groups as well as business teams.
Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls.
Direct the preparation activities to support customer and other audits (e.g., SOX, SOC 2).
Develop, manage, and improve a comprehensive information security risk-based program to ensure the integrity, confidentiality, and availability of information assets.
Promote information security policies, standards, and guidelines.
Ensure that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
Leverage the information security risk assessment process to implement appropriate security measures to reduce risk to an acceptable level.
Provide strategic risk guidance and consultation for corporate IT projects, including the evaluation and recommendation of technical standards and controls.
Support the process for security incident management to effectively identify, respond, contain, and communicate a suspected or confirmed incident.
Identify, assess, and prioritize IT risks to data and systems, including external threats, cyber-crimes, internal threats, and third-party risks.
Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
Education and Experience
Experience working with internal/external auditors and senior company management.
Strong process discipline in a continuous improvement environment.
Exposure to managing cost center and departmental financial functions.
Demonstrated capabilities in leadership, innovation, problem solving, influencing, organizing, and relationship building.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Ability to act calmly and competently in high-pressure, high-stress situations.
Proven track-record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
Bachelor’s degree in the following disciplines: Information Security, Computer Science, Management of Information Systems, or related field required – master’s degree preferred.
Minimum of 10+ years of experience in a combination of risk management, information security, and information technology fields.
4+ years of experience in a leadership role – employment history must demonstrate increasing levels of responsibility.
Demonstrated experience of relevant legal and regulatory requirements, such as SOX, SOC-2, NYDFS, GDPR and other regulations and guidelines.
Possess at least one of the following certifications: CISSP, CRISC, CISM, CISA.
Knowledge of common information security management frameworks, such as NIST, ISO 27001.
For individuals assigned or hired to work in California, Colorado, Hawaii, Jersey City, NJ; New York State; and/or Washington State, the base salary range is listed below. This range is as of the time of posting. Position is incentive eligible.
$170,000 - $195,000/year
Total individual compensation (base salary, short & long-term incentives) offered will take into account a number of factors including but not limited to geographic location, scope & responsibilities of the role, qualifications, talent availability & specialization as well as business needs. The above range may be modified in the future.
Do you like solving complex business problems, working with talented colleagues and have an innovative mindset? Arch may be a great fit for you. If this job isn’t the right fit but you’re interested in working for Arch, create a job alert! Simply create an account and opt in to receive emails when we have job openings that meet your criteria. Join our talent community to share your preferences directly with Arch’s Talent Acquisition team.