-
Director, IT Security and Cloud Governance…
- GuideOne Insurance (West Des Moines, IA)
-
We are seeking a pragmatic, hands-on Director of IT Security and Cloud Governance to lead our enterprise security and risk program while also providing governance oversight of our growing multi-cloud environments. This role will be responsible for safeguarding infrastructure, systems, and data across a multi-tenant, regulated environment serving multiple mutual insurance companies.
You will oversee a small internal team and managed service providers to deliver operational security excellence, ensure regulatory compliance, and enforce secure cloud usage practices across AWS and Azure. The ideal candidate brings strong execution discipline, attention to detail, and the ability to anticipate and mitigate emerging risks while scaling a secure, cost-effective cloud ecosystem.
Accountabilities:
Security Strategy, Architecture, and Operations
+ Define and maintain enterprise network and system security architecture, ensuring alignment with business and cloud transformation goals.
+ Lead operational security functions including firewall administration, endpoint protection, email security, IAM, and certificate management.
+ Oversee cloud security posture across AWS and Azure, including workload protection, IAM policies, encryption, and secure configuration.
Cloud Governance and Oversight
+ Provide end-to-end oversight of cloud usage across AWS and Azure, ensuring alignment with security, compliance, and cost-efficiency objectives.
+ Define and enforce cloud governance policies covering access control, provisioning standards, resource tagging, and workload classification.
+ Collaborate with infrastructure and application teams to drive cloud optimization, including cost control, configuration hygiene, and performance tuning.
+ Monitor and manage cloud access controls and privileged identity management in multi-cloud environments.
+ Support secure cloud adoption by embedding security and governance guardrails into infrastructure-as-code and DevSecOps pipelines.
Governance, Risk, and Compliance (GRC)
+ Own the organization’s security governance and GRC program, including policy development, control frameworks, audits, and third-party risk assessments.
+ Maintain compliance with regulatory standards such as SOC 2, NAIC, NYDFS, CCPA, and internal security policies.
+ Conduct security vendor reviews, risk assessments, and remediation planning in coordination with procurement and legal teams.
Security Operations and Incident Management
+ Lead the incident response process, including investigation, containment, remediation, root cause analysis, and post-incident reporting.
+ Manage ongoing vulnerability scanning, risk mitigation, and patching across cloud and on-prem environments.
+ Strengthen SIEM, alerting, and log analytics capabilities in collaboration with infrastructure and monitoring teams.
Identity & Access Management (IAM)
+ Oversee identity and access controls for infrastructure, applications, SaaS, and cloud platforms.
+ Enforce least privilege principles, role-based access, and automated access provisioning and deprovisioning workflows.
Security Culture & Awareness
+ Lead and enhance the security awareness training program to build a culture of proactive risk management across all teams.
+ Collaborate with engineering, infrastructure, and business teams to ensure security is integrated early and continuously into delivery cycles.
Qualifications:
+ 12+ years of progressive experience in IT and cybersecurity, with 5+ years in a leadership capacity.
+ Proven expertise in:
+ Cloud security and governance across AWS and Azure
+ Network and endpoint security, including firewall administration and device hardening
+ Email and IAM security, including identity lifecycle and privileged access
+ Incident response, vulnerability management, and SIEM tools
+ Security compliance frameworks (SOC 2, ISO 27001, NIST, NAIC, NYDFS, CCPA)
+ GRC tools, third-party/vendor security assessments, and audit preparedness
+ Experience managing both internal teams and external managed security service providers (MSSPs).
+ Strong execution skills with the ability to balance strategic priorities with operational delivery.
+ Clear, confident communicator with experience engaging stakeholders across technical and business teams.
+ Professional certifications such as CISSP, CISM, CCSP, or similar are preferred.
+ Experience in regulated industries such as insurance or financial services is strongly preferred.
+ Bachelor’s degree in Information Security, Information Technology, Computer Science, or a related field.
Benefits:
We are proud to offer a robust benefits suite that includes:
+ Competitive base salary plus incentive plans for eligible team members
+ 401(K) retirement plan that includes a company match of up to 6% of your eligible salary
+ Free basic life and AD&D, long-term disability and short-term disability insurance
+ Medical, dental and vision plans to meet your unique healthcare needs
+ Wellness incentives
+ Generous time off program that includes personal, holiday and volunteer paid time off
+ Flexible work schedules and hybrid/remote options for eligible positions
+ Educational assistance
#TMG
-
Recent Searches
- Senior UC Telecommunications Engineer (Massachusetts)
- pharmacy technician iv tech (United States)
- Correspondence Analyst Journey Level (Washington, DC)
- Partner Manager (Texas)
Recent Jobs
-
Director, IT Security and Cloud Governance - Hybrid or Remote Opportunity
- GuideOne Insurance (West Des Moines, IA)
-
Assistant Store Manager
- Extra Space Storage (Hanover, MD)