Manager - Information Security

The ideal candidate for this role would work on a hybrid scheduled our of our Merrill, WI or Milwaukee, WI office.

What You'll Be Doing

The Information Security Manager is accountable for operationalizing the organization’s information security program and translating security strategy into implemented controls, measurable outcomes, and continuous risk reduction. This role manages assigned resources to protect CM Group information assets, support regulatory compliance, and embed security into technology operations and delivery.

This position is responsible for leading the implementation, execution and governance for all information security operations management across CIS Critical Security Controls and NIST Cybersecurity Framework for the CM Group enterprise.

Primary Job Responsibilities

Leadership & People Management

• Staffing, onboarding, coaching, performance management, and workforce planning.
• Budget participation and service delivery accountability.
• Lead and assign resources within IT to support business objectives. Responsible for the team’s performance and its effects on IT and the business. Share plans and strategies to keep staff motivated and engaged.
• Lead through collaboration, partnering, and clear decision making. Provide leadership and guidance to individual contributors.
• Keep senior IT management informed on problem status, risk, and business satisfaction. Regularly report on information security program performance, including key metrics like vulnerability remediation SLAs, incident response times, and security awareness effectiveness. Escalate major incidents to senior IT management and provide monthly reports for the CISO and Board of Directors.
  
  

Governance, Risk & Compliance

• Establish risk identification, prioritization, and reporting aligned to business impact.
• Govern policy lifecycle management and compliance oversight.
• Ensures the approval and publication of information security policies and practices. Work with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
  
  

Security Program Execution

• Implement and govern secure configuration standards, IAM governance, SDLC security integration, and awareness training.
• Responsible for the effective acquisition, deployment, and integration of information technology solutions. Ensure effective deployment and flexibility in meeting changing business needs.
• Create and manage a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
• Working with the CISO develops and drives an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
  
  

Monitoring, Detection & Vulnerability Management

• Logging, monitoring, vulnerability scanning, remediation SLAs, and escalation.
• Conduct vulnerability scanning, facilitate the vulnerability management process, and escalate as required for critical vulnerabilities and threats.
• Drives alignment and results across IT teams to ensure vulnerability management program is effective.
  
  

Incident Response & Recovery

• Incident response planning, exercises, post-incident improvement, and cyber recovery leadership.
• Strategic leadership to ensure incident response activities are coordinated with privacy, risk management, compliance, and business continuity objectives.
  
  

Third-Party Risk Management

• Vendor security due diligence, contract reviews, and risk mitigation.
• Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
  
  

Metrics & Continuous Improvement

• Security KPIs, executive reporting, and continuous control improvement.
• Establish security metrics, tracking the progress of the Corporate Information Security Program, and coordinate with other corporate governance and risk entities.
• Establish and document information security standards in the PMLC and SDLC processes and provide appropriate review of projects to assess information security policies, practices, and guidelines.
  
  

Qualifications

Required:

• Bachelor’s degree or equivalent experience.
• 10 years IT experience; 3 years IT management experience.
  
  

Experience with security frameworks (NIST, CIS, ISO).

Preferred

• Insurance industry experience.
  
  

Experience leading IT leaders.

• Security certifications (CISSP, CISM, CISA, GIAC).
  
  

Work Environment

• Professional Office Environment
  
  

Church Mutual is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Exact compensation will vary based on consideration of a variety of factors including education, skills, experience, and location.