Chief Information Security Officer

Job Location: US-PA-Conshohocken
Job ID: 2022-1344
Category: Information Technology
Type: Regular Full-Time

Overview

NSM Insurance Group is looking for a highly motivated Chief Information Security Officer to establish, implement and maintain a comprehensive corporate-wide information security management program to ensure that information assets are adequately protected.


As Chief Information Security Officer, you will serve as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies. The CISO will recommend to executive management compliance and information security enhancements that balance legal, regulatory and organizational requirements against risks, financial constraints and technology adoption. The incumbent leads IT compliance auditing, vulnerability assessments, intelligence gathering, business continuity and disaster recovery. The CISO will partner with all business units to identify security initiatives, establish and enforce standards, and create policies and procedures. You will promote NSM’s security and compliance goals through training and awareness programs and perform investigations as warranted.

Responsibilities

  • Establish, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
  • Develop and enhance the information security management framework
  • Lead the enterprise's information security organization
  • Work with all business units to determine possible risks and risk management processes
  • Plan business development and acquire the correct technology
  • Analyze IT security threats in real-time and mitigate these threats
  • Ensure that no internal breaches or misuse of data take place
  • Determine the cause of internal and external data breaches and institute appropriate corrective action
  • Partner with business stakeholders across the company to raise awareness of risk management concerns
  • Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
  • Develop, initiate, maintain, and revise goals, policies, standards and procedures for the general operation of the Information Security Program. Manage day-to-day operation of the Program
  • Work with direct reports to assure strategic plans, security programs and technical controls are in compliance with policies, applicable laws, regulations and customer requirements. Identify protection goals and objectives consistent with the corporate strategic plan
  • Partner closely with business and technology stakeholders to ensure that all applications and platforms are developed and maintained with security in mind and that appropriate security controls have been implemented
  • Oversee the Company’s business continuity program, including regular testing of business continuity and disaster recovery plans, to ensure we are prepared for a major emergency and can provide necessary business continuity leadership to the organization
  • Guide IT Compliance activities, including testing of IT SOX controls, the procurement of an annual SOC 2 report and support for IT aspects of internal and external audits. Oversee the response to customer inquiries relating to information security, disaster recovery or other IT matters

Qualifications

  • Bachelor’s degree or higher in Computer Science/Business Information Systems or related fields
  • 15+ years of information systems, compliance, regulatory, financial services operation, or related experience
  • Expertise in IT security management, data center operations, disaster recovery and business continuity practices, concepts and methodologies
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
  • Clear understanding of the evolving needs within the cybersecurity function and strong relationships with the vendor and security community
  • Understanding of public and private cloud, security tools to monitor and support cloud adoption, and the latest tools and methodologies as they relate to cloud migration
  • Ability to anticipate technological developments and develop plans, policies and procedures to protect the best interest of the organization
  • Excellent understanding of constituents’ requirements and the ability to clearly and concisely present technical information to technical and non-technical audiences
  • Extensive ability to analyze and interpret general business periodicals, professional journals, technical procedures and/or government regulations
  • Strategic problem solving and decision-making abilities
  • Effective leadership and motivational skills
  • Security certifications: CISSP, CISA or CISM
