Ignyte Insurance

Role Description Reporting to the Global CTO/CISO, the Head of Security owns the full security program across Ignyte and its operating companies: engineering, operations, governance/risk/compliance, and incident response. You will run day-to-day security operations and detection & response, own and rationalize the security technology stack, lead the GRC and regulatory agenda, drive cyber due diligence and post-close security integration for acquisitions, and own incident response end to end. You will lead a direct team of four and manage key security vendors, partners, and budget. Key Responsibilities - Security Engineering & Operations: - Own day-to-day security operations: detection & response, EDR/XDR, email security, endpoint management, SIEM/log management, and vulnerability management. - Drive measurable gains in detection coverage, mean time to detect/respond, and operational maturity. - Manage MDR/MSSP and tooling vendor relationships. - Cloud & Identity Security: - Lead security posture across Microsoft Azure and Microsoft 365 / Entra ID (Microsoft Defender suite, conditional access, identity governance, and privileged access). - Operate cloud security posture management and drive remediation to closure. - M&A Cyber Due Diligence & Integration: - Lead pre-acquisition cyber due diligence: external attack surface mapping, gap assessment, etc. - Own post-close security integration (onboarding acquired entities onto the common baseline, rationalizing overlapping tooling, and supporting TSA stand-up and exit). - Incident Response: - Own the incident response program (playbooks, tabletop exercises, forensics/vendor coordination, and executive communication during incidents). - Governance, Risk & Compliance: - Own the GRC function: security risk management, the risk register, policy and standards, and control-framework alignment (NIST CSF / CIS Controls). - Run the security exception, remediation, and risk-acceptance process and surface residual risk to executive leadership. - Leadership: - Lead, mentor, and grow the security team. - Build global relationships within a matrixed organization. - Own the security operations budget and roadmap; report posture and risk to the CISO and leadership. Qualifications - 10+ years in information security, including 4+ years in security leadership. - Experience owning aspects of a security program end to end: engineering, operations, GRC, and incident response (not just a single function). - Deep, hands-on expertise with the CrowdStrike suite of tools, including Falcon (EDR/XDR, threat hunting, response, Spotlight). - Strong Microsoft Azure and Microsoft 365 / Entra ID security expertise (Defender, conditional access, identity governance). - Hands-on incident response leadership and modern SecOps practices (detection engineering, vulnerability management). - Experience in a regulated industry (insurance or financial services), with working knowledge of NYDFS 23 NYCRR 500 or a comparable regime. - Demonstrable experience with email threat detection and endpoint management, log management/detection (SIEM), and external attack surface management. Preferred Qualifications - Previous MSP/MSSP experience highly desired. - Experience in a highly acquisitive, multi-entity environment. - Insurance, MGA/MGU, or brokerage industry background. - Relevant certifications (e.g., CISSP, CCSP, Azure Security Engineer, GIAC). - Track record standing up or maturing a security program through rapid inorganic growth. - Demonstrated M&A cyber due diligence and integration experience, assessing and onboarding acquired companies onto a common security baseline. Benefits - Competitive benefits offering including medical, dental, vision, and supplemental benefits. - Company-paid life insurance, long-term and short-term disability policies. - 14 annual paid holidays and generous PTO plan. - 401(k) with annual Safe Harbor and profit share contributions. - Open to remote work environment.