Our Company
Explore how you can contribute at AmeriLife.
For over 50 years, AmeriLife has been a leader in the development, marketing, and distribution of annuity, life, and health insurance solutions for those planning for and living in retirement.
Associates get satisfaction from knowing they provide agents, marketers, and carrier partners the support needed to succeed in a rapidly evolving industry.
Job Summary
The Sr. Director of IT Security serves as AmeriLife's leader for enterprise cybersecurity, responsible for defining, implementing, and operating a comprehensive cybersecurity program spanning security architecture, cloud security, identity & access management, DevSecOps, incident response, security operations, governance, risk, and compliance. This role provides regular cybersecurity insights and updates to the Board or Audit/Risk Committee and leads a high-performing organization that includes Security Operations, Security Engineering, Governance, Risk & Compliance (GRC), and additional specialized functions.
The Sr. Director ensures that cybersecurity initiatives are fully aligned with business priorities, regulatory requirements, and AmeriLife's overall risk appetite while driving a multi-year roadmap that strengthens AmeriLife's enterprise security posture. This leader is accountable for consistent regulatory compliance, improved audit and examination outcomes, and the reduction of cyber risk across all AmeriLife entities. Through strategic leadership and operational excellence, the Sr. Director will advance mature, scalable security operations and engineering capabilities and foster a security-aware culture embedded across the enterprise, enabling increased resilience and ongoing protection of AmeriLife's technology ecosystem.
Job Description
Key Responsibilities
Strategic Leadership & Cybersecurity Program Execution
- Develop and drive a unified enterprise-wide cybersecurity strategy.
- Monitor emerging threats, technologies, and regulatory requirements; update strategy accordingly.
- Establish a multi-year roadmap aligned with AmeriLife's technology and business goals.
Regulatory Compliance & Risk Management
- Lead compliance with NYDFS Part 500, SOX ITGC, GLBA, HIPAA, and other regulations.
- Oversee SOX IT controls, evidence collection, testing, remediation, and audit liaison.
- Conduct regular cybersecurity risk assessments and report findings to executives and the Board.
Security Architecture & Cloud Security
- Oversee enterprise security architecture across on-prem, cloud, and hybrid environments.
- Lead Azure and Microsoft 365 cloud security programs, including CSPM, secure configuration, and tenant governance.
- Implement Zero Trust principles across identity, devices, networks, and applications.
- Ensure secure cloud migrations and consistent standards across AmeriLife affiliates.
DevSecOps & Application Security
- Integrate security into SDLC and CI/CD pipelines.
- Establish secure coding standards and oversee SAST/DAST, dependency scanning, and penetration testing.
- Promote security-by-design principles across development and engineering.
Security Operations & Incident Response
- Direct all SOC activities, including internal analysts and external MDR providers.
- Oversee MDR and EDR operations, ensuring integration, tuning, detection fidelity, and coordinated response.
- Maintain the enterprise Incident Response Plan, including triage, containment, forensics, recovery, and root-cause analysis.
- Partner with external incident-response firms for escalated investigations.
- Oversee managed vulnerability services, ensuring timely scanning, risk scoring, prioritization, and remediation tracking.
- Manage enterprise vulnerability management lifecycle and patch governance.
Governance, Compliance & Audit Oversight
- Maintain cybersecurity policies and standards aligned to NIST CSF, NIST 800-53, and ISO 27001.
- Chair cybersecurity governance forums to coordinate enterprise adoption and alignment.
- Lead regulatory exams, audit responses, evidence readiness, and remediation tracking.
Team Leadership & Organizational Development
- Build and lead a high-performing cybersecurity organization.
- Define roles, competencies, and KPIs; mentor and develop staff.
- Promote collaboration between security, IT, and business functions.
Enterprise Collaboration & Stakeholder Engagement
- Partner with IT, Legal, Compliance, ERM, and business leaders to embed security into projects and operational processes.
- Serve as primary cybersecurity liaison to affiliates.
- Promote cybersecurity awareness and education enterprise-wide.
Vendor Oversight & Third-Party Risk Management
- Manage and monitor third-party security vendors, including MDR, EDR, incident response, threat intelligence, pentesting, and other specialized services.
- Oversee all third-party security evaluations, including red team exercises, purple team engagements, external and internal penetration testing, social engineering assessments, and remediation follow-through.
- Lead third-party cyber risk management, including due diligence, SOC report review, contractual controls, and ongoing monitoring.
- Manage vendors delivering managed vulnerability services, ensuring coverage, SLA adherence, and reporting accuracy.
- Conduct structured vendor performance reviews and optimize the cybersecurity vendor ecosystem.
Executive Reporting & Budget Management
- Serve as cybersecurity advisor to the CIO, executive leadership, and the Board.
- Provide business-aligned reporting on threats, risks, incidents, compliance, and program maturity.
- Own and manage the cybersecurity budget; prioritize investments based on risk and regulatory drivers.
Required Qualifications
- Bachelor's degree required; Master's degree or MBA preferred.
- CISSP or CISM required; CRISC, CISA, CCSP preferred.
- 6-8 years of progressive cybersecurity leadership; 3-5 years leading teams or major security functions.
- Strong experience in financial services or insurance.
- Deep knowledge of NYDFS Part 500, SOX ITGC, GLBA, HIPAA.
- Expertise in cloud security (Azure/M365), IAM, network security, SOC operations, incident response, and DevSecOps.
- Exceptional communication skills and the ability to present complex issues to executives and the Board.
What AmeriLife Offers
A comprehensive benefits package that includes PTO, medical, dental, vision, retirement savings, disability insurance, and life insurance.
Equal Employment Opportunity Statement
We are an Equal Opportunity Employer and value diversity at all levels of the organization. All employment decisions are made without regard to race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), sexual orientation, gender identity or expression, age, national origin, ancestry, disability, genetic information, marital status, veteran or military status, or any other protected characteristic under applicable federal, state, or local law. We are committed to providing an inclusive, equitable, and respectful workplace where all employees can thrive.
Americans with Disabilities Act (ADA) Statement
We are committed to full compliance with the Americans with Disabilities Act (ADA) and all applicable state and local disability laws. Reasonable accommodations are available to qualified applicants and employees with disabilities throughout the application and employment process. Requests for accommodation will be handled confidentially. If you require assistance or accommodation during the application process, please contact us at .
Pay Transparency Statement
We are committed to pay transparency and equity in accordance with applicable federal, state, and local laws. Compensation for this role will be determined based on skills, qualifications, experience, and market factors. Where required by law, the pay range for this position will be disclosed in the job posting or provided upon request. Additional compensation information, such as benefits, bonuses, and commissions, will be provided as required by law. We do not discriminate or retaliate against employees or applicants for inquiring about, discussing, or disclosing their pay or the pay of another employee or applicant, as protected under applicable law. Pay ranges are available upon request.
Background Screening Statement
Employment offers are contingent upon the successful completion of a background screening, which may include employment verification, education verification, criminal history check, and other job-related inquiries as permitted by law. All screenings are conducted in accordance with applicable federal, state, and local laws, and information collected will be kept confidential. If any adverse decision is made based on the results, applicants will be notified and given an opportunity to respond.