Chief Information Security Officer (Insurtech)
Job description
TL;DR
Chief Information Security Officer (Insurtech): Leading cybersecurity strategy, security operations, and GRC for a multi-state insurance carrier, with an emphasis on regulatory compliance and risk management. Focus on scaling SOC 2 programs, managing SOX audit cycles, and aligning security architecture with business growth.
Location: Hybrid: Must be based in Austin, TX or Morristown, NJ
Company
provides tailored home insurance and preventative maintenance plans using a modern, intuitive experience to protect homeowners.
What you will do
- Execute enterprise cybersecurity strategy aligned with business risk appetite and regulatory requirements.
- Build and lead security operations, including threat detection, incident response, vulnerability management, and threat intelligence.
- Own the end-to-end SOC 2 program and ensure compliance with state and federal cybersecurity and insurance regulations.
- Lead governance, risk, and compliance (GRC) functions, including identity governance, privacy, and third-party risk management.
- Report cybersecurity posture, risk trends, and incident activity to the Board of Directors and Audit and Risk Committee.
- Direct the security engineering function, owning secure design standards and threat modeling practices.
Requirements
- 10+ years of experience in cybersecurity, with at least 5 years in a senior leadership role (CISO, VP, or Head of Security).
- Experience at a publicly traded, regulated company with direct involvement in SOX audit cycles.
- Proven track record of end-to-end ownership of a SOC 2 program and managing security operations.
- Strong GRC background and the ability to present complex risk information to boards and regulators.
- Expertise in managing third-party vendor cybersecurity risk programs.
- Excellent cross-functional leadership skills for partnering with Legal, Finance, and Engineering.
Nice to have
- Experience in the Insurance, Insurtech, or Fintech industries.
- Familiarity with privacy frameworks such as CCPA/CPRA and state breach notification laws.
- Relevant certifications including CISSP, CISM, CRISC, or CISA.
- Background in security engineering or application security.
Culture & Benefits
- Comprehensive medical plans with 100% employer-covered dental and vision.
- 401(k) retirement plan, FSA for health and dependent care, and employer-paid life insurance.
- Eligibility for equity compensation.
- Flexible time off policy and 12 weeks of parental leave for primary and secondary caregivers.
- Onsite perks including snacks, drinks, and catered lunches.