ABOUT US

At Selective, we don’t just insure uniquely, we employ uniqueness.
Selective is a midsized U.S. domestic property and casualty insurance company with a history of strong, consistent financial performance for nearly 100 years. Selective’s unique position as both a leading insurance group and an employer of choice is recognized in a wide variety of awards and honors, including listing in Forbes Best Midsize Employers in 2024 and certification as a Great Place to Work® in 2024 for the fifth consecutive year.
Employees are empowered and encouraged to Be Uniquely You by being their true, unique selves and contributing their diverse talents, experiences, and perspectives to our shared success. Together, we are a high-performing team working to serve our customers responsibly by helping to mitigate loss, keep them safe, and restore their lives and businesses after an insured loss occurs.
Overview
Selective is seeking a VP of Information Security responsible for leading the information security, risk management, crisis planning, and crisis response functions within the Information Technology department. In the role, you will develop and execute short-term plans and longer-range strategies to mitigate cyber risk by leveraging program maturity assessments, operational reporting, and industry trends. You will also work across teams to ensure alignment with best practices and deliver security enhancement projects. You will lead teams and projects that are complex in nature and/or of strategic importance to the Selective organization, and will have a moderate number of direct reports consisting of senior managers, managers, architects, engineers, and analysts. This is a unique opportunity to lead and develop a motivated team of security professionals and contribute to the strategic direction of the Information Technology Services (ITS) Department within a growing company.

KNOWLEDGE AND REQUIREMENTS

• 10+ years IT experience with at least 7 in the information security and/or information risk management space.
• 5+ years leadership experience that includes development and management of managers or directors.
• Bachelors or greater degree in related discipline preferred.
• Security specific certifications (CISSP, GIAC, CISM, etc.) strongly preferred.
• Excellent communication skills with experience interacting and presenting to staff and leaders across technology and business areas, including executive leadership.
• Experience planning and controlling projects that deliver advance security program maturity.
• Must have expert level knowledge of current IT security techniques, industry trends, suppliers, and technology.
• Knowledge of risk management & cyber-security frameworks including NIST-CSF, NIST-800, ISO-27000, BASEL II, EU DPD, PCI D, HIPAA, SOX.

• Leads the day-to-day activities of our information security, cyber risk management, and incident response team. Responsible for the daily activities, priorities, and coordination of work across management, technical staff, and consultants.
• Evaluates the enterprise-wide information security program, identifies gaps, executes short-term corrective plans, develops long-range strategies, and reports on program health to internal and external stakeholders, ensuring alignment with overall business plans.
• Leads planning and response to disaster recovery events and security incidents. Identifies, manages, and communicates security incidents to key stakeholders. Maintains up to date business impact analyses and business crisis plans.
• Responsible and accountable for establishing, updating, and delivering a security awareness and training programs across the enterprise.
• Develops, maintains, and enforces information security policies and procedures in alignment with stated risk appetite, changes in threats, and overall compliance goals.
• Oversees all security audits and tasks. Participates in the technical aspects of all IT related audits and supports internally and externally managed audit activities.
• Collaborates with key business and IT leaders to assess, document, and act on information security risks, in alignment with stated risk appetite. Reports to stakeholders on monitored risks as appropriate.
• Responsible and accountable for the hiring, development, and performance management of staff within the security organization.
• Responsible and accountable for the planning, administration, and performance of the information security and risk management budget.
  Qualifications