Amerisure Insurance Company

Apply for this job

AVP, Information Security (Information Technology)



Amerisure creates exceptional value for its partners, policyholders, and employees. As a property and casualty insurance company, Amerisure's promise to our partner agencies and policyholders begins with a comprehensive line of insurance products designed to protect businesses, as well as the health and safety of every employee. With an A.M. Best “A” (Excellent) rating, Amerisure serves mid-sized commercial enterprises focused in construction, manufacturing and healthcare. Ranked as one of the top 100 Property & Casualty companies in the United States, we proudly manage nearly $1 Billion of Direct Written Premium and maintain $1.21 billion in surplus.

Amerisure is currently recruiting for an AVP, Information Security that can do a 3-day hybrid approach onsite in our Farmington Hills office. The ideal candidate will also possess the following skill set. 

Summary Statement

The AVP of Information Security leads the company's cybersecurity strategy and operations, including the strategy for managing cyber risks, and the protection of information assets through comprehensive awareness, compliance, security operations, risk management, and incident response initiatives. This role delivers practical, risk-based solutions by continuously validating technical controls via vulnerability assessments, independent evaluations, and penetration testing. Continuously assesses the external threat environment to drive enhancements to Amerisure's security posture, supporting business objectives, and maintaining regulatory compliance.

Essential Tasks/Major Duties

  • Lead and direct staff in area of responsibility with an emphasis on talent management and succession planning in accordance with the company's strategic direction.
  • Serves as advisor to Chief Information Officer (CIO) and executive leadership team on cybersecurity risks, and posture. Provides regular reporting on the status of the cybersecurity program to senior business leaders, the board of directors, and regulators.
  • Designs and oversees the development and implementation of enterprise security policy, standards, guidelines, and procedures to maintain security posture, ensuring ongoing maintenance of security practices and consistency with best practices and regulatory frameworks (NYDFS, MI DIFS, NIST, NAIC).
  • Oversee the identification, assessment, and mitigation of cybersecurity risks across the organization, including third-party risk management.
  • Manage the cybersecurity governance program and regularly report risk metrics and status updates to executive leadership and relevant committees.
  • Conduct enterprise risk assessments and ensure findings are tracked to resolution, with ownership assigned and progress monitored.
  • Creates training programs of security policies, best practices and procedures to ensure that all staff has an understanding of how they contribute to the overarching security of the organization.
  • Collaborates with senior Business and IT leadership to define and evolve information security standards and controls, and mentors Security staff and associated management teams on the security process.
  • Collaborates with the Enterprise Risk Management (ERM) team and Business Continuity Program office to integrate cybersecurity measures into business resilience, including risk management and continuity planning.
  • Oversees a network of security staff and security vendors to safeguard the company's assets, intellectual property and computer systems.
  • Direct the security operations center (SOC), overseeing threat detection, threat hunting, incident response, digital forensics, and vulnerability management.
  • Maintains relationships with local, state and federal law enforcement and other related government agencies.
  • Leads cross-functional cyber incident response program and investigations, including tabletop and other preparedness exercises.
  • Works with outside consultants as appropriate for independent security audits.
  • Champion the adoption of cutting-edge security technologies and proactive defense measures to ensure operational excellence and resilience against evolving cyber threats.

Knowledge, Skills & Abilities

  • Degree in Computer Science or related Field or the equivalent combination of education and/or relevant experience. Master's degree in Cybersecurity, Information Assurance, Business Administration (MBA), or a related discipline, preferred.
  • Minimum of 10 years of IT experience, including at least 5 years in management roles with responsibilities in budgeting and forecasting.
  • Minimum of 8 years of experience in Information Security, with expertise in analysis, design, and integration of security measures into applications, systems, and networks within a heterogeneous architecture.
  • One or more of the following Certifications: CISSP, CCISO, CISM, CRISC, GSEC or other GIAC specialization, CEH, CompTIA Security+, SSCP.
  • Insurance or financial services industry experience preferred, with an understanding of regulatory and compliance nuances specific to the sector.
  • In-depth knowledge of information security standards, processes, policies, frameworks, and metrics, covering network security, application security, data security, and cloud security.
  • Working knowledge of IT, Operating Systems, Network systems, Cloud and Operational Procedures, secure systems development lifecycle (S-SDLC), DevSecOps pipelines, business continuity planning, auditing, and risk management, as well as contract and vendor management.
  • Expert understanding and experience with regulatory requirements impacting the insurance sector, such as NAIC Insurance Data Security Model Law, GLBA, HIPAA, NY DFS Cybersecurity Regulation, and state privacy laws (e.g., MI DIFS) compliance.
  • Current and comprehensive awareness of emerging cyber threats, threat actor tactics, techniques, and procedures (TTPs), and security threat intelligence feeds.
  • Extensive experience in defining and executing audit processes to ensure compliance with information security standards and controls.
  • Exceptional verbal and written communication skills, with the ability to articulate technical security issues and concepts to both technical and non-technical staff, including employees, IT management, governance committee members, and senior leadership.
  • Leads strategic planning, budgeting, and resource management initiatives to develop, promote, and implement an executive vision for information security.
  • Proficient in driving cultural change and influencing all levels of the organization.
  • Demonstrated executive presence with the capability to represent cybersecurity in business forums.
  • Strong analytical skills to identify root causes of security incidents and risks.
  • Exemplary judgment in high-pressure situations, including incident response scenarios.
  • Data-driven decision-making to prioritize security initiatives based on business impact.

#LI-BR1

Just as we are committed to creating exceptional value for our Partners For Success® agencies and policyholders, Amerisure also remains committed to being an employer of choice. We reinforce this commitment by adhering to an Employee Value Proposition that, in part, is provided through a competitive total rewards package. This package includes competitive base pay, performance-based incentive pay, comprehensive health and welfare benefits, a 401(k) savings plan with profit sharing, and generous paid time off programs. We also offer flexible work arrangements to promote work-life balance. Recognized as one of the Best and Brightest® Companies to Work For in the Nation and one of Business Insurance magazine's Best Places to Work in Insurance, we provide a workplace that fosters excellence and professional growth. If you are looking for a collaborative and rewarding career, Amerisure is looking for you.

Amerisure Insurance provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Amerisure Insurance complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Amerisure Insurance expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Amerisure's employees to perform their job duties may result in discipline up to and including discharge.

Apply
Apply Here done