Information Security Lead

Summary:

This position is responsible for managing and strengthening our Information Security Program by designing, implementing, and maintaining comprehensive security measures to safeguard our systems, networks, and data. Key responsibilities include monitoring network and application activity to swiftly detect and respond to security incidents, conducting vulnerability assessments, penetration testing, and security audits to enhance resilience. Additionally, this position will develop, enforce, and continuously improve security policies, procedures, and best practices to ensure compliance. The role involves close collaboration with infrastructure and development teams to embed security best practices into software development and infrastructure operations. This position will engage with internal stakeholders to foster a strong security culture across the organization and lead security awareness training initiatives.

Functions:

• Design, implement, and maintain security measures to protect systems and data.
• Monitor networks and applications for security breaches and investigate incidents.
• Conduct vulnerability assessments, penetration testing, and security audits.
• Develop and enforce security policies, procedures, and best practices.
• Ensure compliance with regulatory standards, including NAIC, GLB, and NIST.
• Overall responsibility for Goodville's Information Security Program.
• Manage and Maintain security tools (SIEM, IDS/IPS, endpoint protection, etc.).
• Work with IT teams to integrate security into software development and infrastructure.
• Stay updated on emerging threats and recommend mitigation strategies.
• Provide security awareness training for employees.
• Perform other duties as assigned by supervisor.

Requirements

• Bachelor's Degree or equivalent experience required.
• Proven experience in cybersecurity or in a similar IT security role (typically 3-5 years) required.
• Experience with security systems (firewalls, IDS/IPS, SIEM, etc.) and security technologies preferred.
• Hands-on experience with network security, encryption techniques, and vulnerability management tools preferred.
• Some coding knowledge in Python or JavaScript preferred.
• Strong analytical and problem-solving abilities preferred.
• Excellent communication skills to explain security concepts to non-technical staff required.
• Ability to work under pressure and handle security incidents efficiently required.
• Experience in or ability to learn Property and Casualty insurance principles, insurance applications and agency-company interface required.
• Ability to work flexible hours, travel to all organization offices (including in Pennsylvania, Ohio, and South Dakota) and travel to vendor work sites required.
• Ability to work in an office environment with moderate noise level, remain in a stationary position and operate a computer a majority of the time required.
• Ability to move throughout the office to access work materials and to move work materials weighing up to ten pounds daily required.
• Ability to perform the essential functions of the job with or without reasonable accommodation required.