Chief Information Security Officer (CISO)

Milliman


Job Location:

Seattle, OR - USA

Monthly Salary: $ 203200 - 397210
Posted on: 11 hours ago
Vacancies: 1 Vacancy

Job Summary

NOTE TO APPLICANTS: Individual(s) must be legally authorized to work in the United States without the need for immigration support or sponsorship from Milliman now or in the future.

POSITION SUMMARY:

The Chief Information Security Officer (CISO) is a senior-level executive responsible for developing, implementing, and overseeing Milliman's global information security program. As a member of Global Corporate Services (GCS), reporting directly to the Chief Information Officer (CIO) and working closely with the CEO, Board of Directors, and Equity Principals, the CISO ensures the confidentiality, integrity, and availability of Milliman's information assets, technology infrastructure, and data across all practices and geographies.

This role provides strategic leadership, vision, and governance for all aspects of information security, aligning security initiatives with business objectives and regulatory requirements.

RESPONSIBILITIES:

Strategic Leadership & Governance

  • Drive the information security function across Milliman, ensuring alignment with organizational goals.
  • Establish and implement a global information security vision and strategy by collaborating with the Board, senior leaders, and Equity Principals.
  • Design and deliver the security roadmap, including staffing and budget plans, and manage the approved corporate information security budget.
  • Serve as an expert advisor to the Board and senior leadership on IT security matters.
  • Facilitate organization-wide security enhancements that integrate business objectives with IT infrastructure, physical infrastructure, and human resources.
  • Act as the primary change agent, facilitating information security improvements in security culture, business relationships, and product/service design.
  • Chair the Security Technology Steering Group (STSG).

Risk Management & Compliance

  • Collaborate with senior leadership on IT-related risk management to identify, assess, and address risks.
  • Oversee the development, implementation, and maintenance of global information security policies, standards, guidelines, and procedures.
  • Ensure compliance with relevant laws, regulations, and industry frameworks (e.g., ISO 27001, HIPAA, HITRUST, SOC 2).
  • Partner with the Legal Department to maintain a collaborative approach to information security and privacy.
  • Manage third-party/vendor security risk programs and ensure alignment with corporate policies.
  • Serve as a voting member of the Enterprise Risk Management Committee and Technology Operations Committee, and act as a key advisor to senior leadership on IT security matters.

Incident Response & Operational Oversight

  • Oversee emergency procedures and incident response protocols, serving as the control point during significant security incidents.
  • Direct teams to detect, report, contain, and mitigate incidents impacting data and infrastructure security.
  • Oversee periodic security reviews of all business units and present findings to the Enterprise Risk Committee and Board.
  • Partner with the Legal team in response to privacy incidents and significant events.
  • Collaborate with IT teams to develop, evaluate, and improve network disaster recovery plans.
  • Maintain relationships with law enforcement and relevant government agencies in support of the information security program.

Program Development & Stakeholder Engagement

  • Develop and implement enterprise-wide security awareness training.
  • Build and report on metrics and KPIs to measure program effectiveness.
  • Recommend security enhancements and purchases consistent with evolving threats and strategic objectives.
  • Stay current on technological advances and identify opportunities for adoption within Milliman.
  • Provide coordination, communication, and dissemination of best practices across the organization.
  • Support Equity Principals and their practices in security-related matters, consistent with GCS service expectations.

SKILLS & QUALIFICATIONS REQUIRED:

  • Bachelor's degree in Computer Science, Computer Engineering, Information Systems, or related discipline.
  • The ideal candidate must possess certification(s): Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
  • The ideal candidate must have 10 years in management of business or technology organizations, with demonstrated competency in strategic thinking, leadership, and relationship management, and enterprise-level responsibility.
  • The ideal candidate must have 7 years of direct management experience overseeing security teams and budgets.
  • The ideal candidate must have previous experience with regulatory compliance frameworks such as ISO 27001/2, HIPAA, HITRUST, and SOC 2.
  • The ideal candidate must have previous experience with cloud security control design and management.
  • The ideal candidate must have thorough knowledge of finance, budgeting, project management, and systems development lifecycle.
  • The ideal candidate must have knowledge of security domains such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, and web services.
  • Must have demonstrated leadership in multi-discipline, high-performance teams, including supervision and professional development of technical staff.
  • Must have proven ability to work with geographically diverse offices in a global organization.
  • Must have excellent verbal and written communication skills, including the ability to prepare documentation and policies and to build consensus across broad groups.
  • Must have the ability to deal effectively with concrete, tangible issues as well as abstract, conceptual matters.
  • Must have demonstrated thought leadership in information security and creating innovative, scalable business solutions, with the ability to lead and motivate cross-functional, interdisciplinary teams.
  • Must have strong time management skills, the ability to handle multiple projects concurrently, and the capacity to be flexible and nimble as business needs change and evolve.

SKILLS & QUALIFICATIONS PREFERRED:

  • Advanced degree (master's or PhD) in Information Security, Computer Science, or related field.
  • Experience within consulting or professional services organizations.
  • Familiarity with enterprise-level cloud technologies, defect tracking tools, agile management tools, and Microsoft Suite.
  • Additional certifications (e.g., GIAC, CCSP, CRISC, PMP).

LOCATION:

This is a remote role. The expected application deadline for this job is December 15th, 2025.

COMPENSATION:

The overall salary range for this role is $203200 - $397210. For candidates residing in:

  • Alaska, California, Connecticut, Illinois, Maryland, Massachusetts, New Jersey, New York City, Newark, San Jose, San Francisco, Pennsylvania, Virginia, Washington, or the District of Columbia, the salary range is $233680 - $397210.
  • All other locations, the salary range is $203200 - $345400.

A combination of factors will be considered, including but not limited to education, relevant work experience, qualifications, skills, certifications, etc.

BENEFITS:

We offer a comprehensive benefits package designed to support employees' health, financial security, and well-being. Benefits include:

  • Medical Dental and Vision Coverage for employees dependents and domestic
  • Employee Assistance Program (EAP) Confidential support for personal and work-related
  • 401(k) Plan Includes a company matching program and profit-sharing
  • Discretionary Bonus Program Recognizing employee
  • Flexible Spending Accounts (FSA): Pre-tax savings for dependent care, transportation, and eligible medical expenses.
  • Paid Time Off (PTO) Begins accruing on the first day of Full-time employees accrue 15 days per year and employees working less than full-time accrue PTO on a prorated basis.
  • Holidays A minimum of 10 paid holidays per
  • Family Building Benefits Includes adoption and fertility
  • Paid Parental Leave Up to 12 weeks of paid leave for employees who meet eligibility
  • Life Insurance & AD&D 100% of premiums covered by
  • Short-Term and Long-Term Disability Fully paid by

ABOUT MILLIMAN:

Independent for over 75 years, Milliman delivers market-leading services and solutions to clients worldwide. Today, we are helping companies take on some of the world's most critical and complex issues, including retirement funding and healthcare financing, risk management and regulatory compliance, data analytics and business transformation.

Milliman invests in skills training and career development and gives all employees access to a variety of learning and mentoring opportunities. Our growing number of Milliman Employee Resource Groups (ERGs) are employee-led communities that influence policy decisions, develop future leaders, and amplify the voices of their constituents. We encourage our employees to give back to their varied professions, including leadership in professional organizations. Please visit our web site ( to learn more about Milliman's commitments to our people, inclusion, and sustainability.

Through a team of professionals ranging from actuaries to clinicians, technology specialists to plan administrators, we offer unparalleled expertise in employee benefits, investment consulting, healthcare, life insurance and financial services, and property and casualty insurance.

EQUAL OPPORTUNITY:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability, or status as a protected veteran.


Required Experience:

Chief


Key Skills

  • International Development
  • Information Systems
  • Community
  • Information Technology Sales
  • Corporate Recruitment

About Company


Milliman is among the world’s largest independent actuarial and consulting firms. Founded in Seattle in 1947, Milliman has offices in key locations worldwide. Through consulting practices in employee benefits, healthcare, investment, life insurance and financial services, and property ...
