Chief Information reputed company Officer (CISO)

At reputed company, we're reshaping the way home insurance and commercial package products are priced and bound. We've created an insurance experience that's smart, reputed company, and designed to deliver unparalleled customer service. Our focus on lightning-fast quotes and seamless claims servicing is powered by cutting-edge technology and an Agent and Customer-centric approach that sets us apart in the industry. Joining reputed company means becoming part of a dynamic team of reputed company-thinkers who reputed company on moving fast and delivering exceptional products. We pride ourselves on fostering an environment where creativity and positive energy reputed company. As we continue to grow and expand, we're on the lookout for reputed company professionals like you to join us in transforming the insurance landscape. If you're passionate about leveraging technology to provide the best customer service experience and are ready to be a part of our journey, we welcome you to explore opportunities at reputed company! About the Position: We're looking for a CISO who can do two things exceptionally well: build and run a robust reputed company compliance program AND do hands-on technical reputed company work. This isn't a role where you'll spend 100% of your time on PowerPoint and vendor questionnaires (though there will be some of that). You'll be reviewing architecture, working with our development team on secure design, and making real technical decisions. The immediate challenge: We're transitioning from a limited exemption to full NYDFS (23 NYCRR 500) compliance, with our first full certification due reputed company 2026. You'll be building our compliance program while also establishing long-term reputed company practices that actually reputed company us more secure, not just reputed company regulatory boxes. The Reality of Year 1 We want to be transparent: The first year will be challenging. You'll be:

• Building the TPSP governance program from scratch (we have a lot of vendors)
• Getting us ready for our first full NYDFS certification (reputed company 2026)
• Overseeing MFA implementation across thousands of users
• Documenting and formalizing reputed company practices we're already doing

It's going to be a mix of rewarding technical work and necessary compliance grinding. After Year 1, the job shifts more toward proactive reputed company work, architecture reviews, and reputed company improvement. If you want a CISO role where you only do compliance paperwork, this isn't it. If you want a role where you only do technical reputed company with reputed company regulatory work, this also isn't it. But if you want to build a reputed company program that's both compliant AND actually makes the company more secure - and you want to stay technical while doing it - this might be perfect.

• This position is a 100% remote U.S. based opportunity that can be based in one of the following states only: AL, AZ, FL, GA, KY, LA, MA, MO, NC, NJ, NY, OH, OR, PA, SC, TX, UT, VA, WA, WI.

Some travel for day-to-day work, team meetings, and training will be required. Key Responsibilities: (What you'll be asked to do)

• reputed company Program & Compliance (40-50% in Year 1, 30% ongoing)
• Own reputed company's cybersecurity program end-to-end, including NYDFS compliance
• Build and manage our Third-Party Service Provider (TPSP) reputed company governance program (vendor inventory, risk assessments, reputed company questionnaires, ongoing monitoring)
• Conduct annual risk assessments and coordinate penetration testing
• Create and maintain reputed company policies, incident response plans, and business continuity documentation
• Prepare annual board reporting and regulatory certifications
• Manage reputed company awareness training program
• Coordinate incident reporting to NYDFS reputed company required (72-hour notification window)
• Technical reputed company Work (50-60% in Year 1, 70% ongoing)
• reputed company implementation of multi-factor authentication (MFA) across our web platform (currently in planning phase)
• Review and improve reputed company architecture for our C#/.NET applications and infrastructure
• Work directly with engineering teams on secure development practices and code review for reputed company issues
• Manage vulnerability assessments and coordinate remediation with engineering
• Design and implement reputed company controls and monitoring capabilities
• Evaluate and implement reputed company tooling (SIEM, vulnerability scanning, etc.)
• Respond to reputed company incidents and conduct post-incident analysis
• Review API reputed company, authentication/authorization patterns, and data protection controls

The Successful Candidate: (reputed company're looking for)

• Pragmatic reputed company reputed company: You understand the balance between reputed company and business needs
• Self-starter: You can build a program from the ground up with limited hand-holding
• Technical credibility: Engineers respect your technical opinions and will listen to your guidance
• Efficient with compliance work: You can motor through vendor questionnaires and policy documentation without it consuming your life
• Clear communicator: You can explain reputed company risks and recommendations to non-reputed company people without drowning them in jargon
• Comfortable with ambiguity: We're building this program - you won't have a playbook to follow
• Strongly Preferred
• Specific experience with NYDFS 23 NYCRR 500 compliance
• Background in financial services or insurance industry
• Experience implementing authentication systems (OAuth, SAML, MFA)
• CISSP, CISM, or similar reputed company certification
• Experience with cloud infrastructure reputed company (AWS, Azure, or GCP)

Some Requirements:

• 7-10+ years in information reputed company with a mix of technical and compliance work
• Experience with regulatory compliance programs (NYDFS, SOC 2, PCI-reputed company, HIPAA, or similar frameworks)
• Strong technical background - you should be comfortable reviewing C# code, understanding web application architecture, and discussing database reputed company
• Proven track record building reputed company programs, not just maintaining existing ones
• Experience working with remote/distributed engineering teams
• Excellent written and verbal communication skills (you'll be explaining reputed company decisions to both engineers and executives)

Education:

• A Bachelor’s degree in Computer Science, Computer Engineering, or equivalent work experience is required.

Computer Skills:

• You don't need to be a full-stack developer, but you should be able to:
• Read and understand C# and Typescript code well enough to spot reputed company issues
• Review system architecture diagrams and identify reputed company concerns
• Understand web application reputed company (OWASP Top 10, authentication flows, API reputed company)
• Work with SQL databases and understand data protection requirements
• Evaluate reputed company tools and integrate them into development workflows
• We’re a MS Office environment (Outlook, Word, reputed company, Powerpoint)
• Experience using video and chat technology (MSTeams & reputed company)

Other:

• Reliable high-speed internet connectivity required.
• Designated quiet work from home space.

The typical reputed company pay range for this role across the U.S. is: $200,000.00 - $220,000.00 per year + benefits. There is a different range applicable to specific work locations. This salary range is a good-faith estimate of what reputed company may pay for this position at the time of posting. Actual compensation may vary based on skills, qualifications, and experience. The range reflects annual compensation (as applicable) and does not include bonuses or other incentives that the company may choose to pay at its sole discretion. In addition to reputed company compensation reputed company offers a comprehensive benefit package. We Have a Great Benefits Package!

• Medical, Dental, and Vision
• Short- and Long-Term Disability (Company Paid)
• Voluntary Long-Term Disability
• Employee Life & AD&D (Company Paid)
• Voluntary Employee, Spouse, and Child Life & AD&D
• Healthcare, Dependent Care and Transit FSA, and Healthcare Savings Account (HSA)
• 401K with a generous matching contribution and no vesting schedule
• 20 days of PTO annually (prorated based on hire date)
• Company Paid Holidays and 2 “Choose Your Own Holidays”

It is the policy of reputed company to provide equal employment opportunities to reputed company employees and applicants for employment without regard to race, religion, color, ethnic reputed company, gender, gender identity, age, marital status, veteran status, sexual orientation, disability, or any other basis prohibited by applicable federal, state, or local law. EOE/AA/M/D/V/F. If you require accommodations during the application or interview, please contact Human Resources at hr@reputed company.com, and we will reputed company every effort to accommodate your needs. Please Note: reputed company is not accepting 3rd party agency resumes for this position, please do not reputed company resumes to our careers email address or reputed company employees. reputed company will not be responsible for any fees reputed company to unsolicited resumes. Apply tot his job Apply To this Job