Deputy CISO

Job Summary:

The Deputy CISO is a senior enterprise executive accountable for enterprisewide execution and operational outcomes of the cybersecurity program, reporting to the Enterprise Chief Information Security Officer (CISO).

This role influences cybersecurity strategy, policies, and risk appetite and ensures they are translated into consistent, measurable execution across the enterprise.

The Deputy CISO provides executive leadership for cybersecurity execution, incident response, and regulatory readiness, and serves as a senior partner to executive management and oversight committees.

Cybersecurity strategy ownership, board accountability, and final risk acceptance remain with the CISO.

Job Responsibilities:

• Accountable for enterprise-wide execution and delivery outcomes of the cybersecurity program across all security domains, including security operations, threat and vulnerability management, security engineering, application security, and compliance.
• Translate cybersecurity strategy, standards, and risk appetite into enterprise execution priorities, operating expectations, and performance outcomes.
• Act with delegated authority from the CISO to make enterprise-impacting cybersecurity and execution decisions within established thresholds, escalating material risk acceptance decisions to the CISO.
• Serve as executive incident commander during major cybersecurity incidents, coordinating enterprise response, executive communications, and recovery actions.
• Lead enterprise preparedness for cybersecurity-related regulatory examinations, audits, and supervisory reviews, ensuring sustained execution readiness.
• Prepare and present cybersecurity topics, risk posture, incident updates, and program performance to executive management, senior leadership teams, and management oversight committees.
• Own execution of the cybersecurity operating budget, including investment prioritization.
• Govern delivery of major cybersecurity initiatives to ensure risk reduction and regulatory readiness.
• Lead, mentor, and develop senior cybersecurity leaders and managers, fostering a culture of accountability, execution excellence, and continuous improvement.

Job Qualifications:

• 15+ years of progressive cybersecurity experience, including senior leadership roles with enterprise-level responsibility.
• Demonstrated experience executing cybersecurity programs in regulated environments such as insurance or financial services.
• Proven experience preparing and presenting cybersecurity risk, program performance, and incident topics to executive leadership and management oversight committees.
• Bachelor's degree in Information Security, Information Technology, Computer Science, or equivalent experience.

Licenses and Certifications:

• CISSP, CISM, CRISC, CISA, or equivalent professional certification (Preferred).

Behavioral Competencies:

• Collaborates
• Communicates Effectively
• Customer Focus
• Decision Quality
• Nimble Learning
• Builds Effective Teams
• Business Insight
• Develops Talent
• Directs Work
• Ensures Accountability
• Manages Complexity
• Drives Vision and Purpose
• Strategic Mindset

Technical Skills:

• Enterprise cybersecurity governance and operating models
• Cybersecurity risk management and regulatory frameworks (e.g., NIST, ISO, NYDFS, NAIC)
• Executive-level incident and crisis management
• Cybersecurity investment and budget management

This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.