Sr. Information Security Specialist (Hybrid)

At Selective, we don't just insure uniquely, we employ uniqueness. 

Our Business  

Selective is a midsized U.S. domestic property and casualty insurance company with a history of strong, consistent financial performance for nearly 100 years. Selective's unique position as both a leading insurance group and an employer of choice is recognized in a wide variety of awards and honors, including listing in Forbes Best Midsize Employers in 2024 and certification as a Great Place to Work® in 2024 for the fifth consecutive year. 

Working at Selective 

At Selective, we don't just insure uniquely – we employ uniqueness. Employees are empowered and encouraged to Be Uniquely You by being their true, unique selves and contributing their diverse talents, experiences, and perspectives to our shared success. Together, we are a high-performing team working to serve our customers responsibly by helping to mitigate loss, keep them safe, and restore their lives and businesses after an insured loss occurs. Employees receive comprehensive total rewards packages - including competitive compensation and performance awards, health benefits, and retirement savings - and professional development opportunities and flexible schedules to support their health, wealth, and well-being. Join our team and help make a difference. 

Overview:   

Acting as a leader and subject matter expert, this role will protect enterprise information systems and data from intentional or accidental destruction, disruption, or modification while minimizing the impact upon those who need legitimate access to the data. Works closely across ITS teams and business units to identify and specify gaps, requirements, and solutions to security measures that safeguard access to enterprise files, networks, and data. Provides highly technical consulting and leadership in the identification, escalation, and mitigation of security risks, anomalies, or threats to the Manager, IT Security. Serves as point of escalation for third-tier support and provides expertise across a range of information security technologies within their area of responsibility. 

Responsibilities: 

• Provides risk assessments, control assessments, and highly technical consultation on security topics to enterprise projects and technology acquisitions, in support of Manager, IT Security. Acts as a subject matter expert to the enterprise and a mentor to other IT security staff. Initiates work as needed to meet security needs and exercises significant levels of accountability and ownership of security issues
• Independently identifies, assesses, and recommends security software, processes, and services to Manager, IT Security based on business plans and security gaps, as appropriate. Able to translate high level designs and industry trends into highly complex and effective solutions and leads the engineering and deployment of these solutions.
• Supports audit activities sponsored by internal, retained, or external audit areas. Leads the collection of documentation, retaining of documentation and execution of remediation plans as agreed to with the IT Management Team.
• Recognizes and identifies potential areas where existing data security policies, procedures, and controls require change, or where new ones need to be developed, especially regarding future business expansion. Maintains an awareness of industry trends and emerging risks and proposes relevant company response.
• Identifies, initiates, and manages contact with vendors regarding new security technology, security system updates, and technical support of security products.
• Takes a leadership role in supporting Security Management in partnering with legal and audit departments to ensure compliance with policy and regulatory requirements.
• Leads Developers, Technicians, Architects, and Managers in the development and enforcement of Enterprise Architecture and Security standards.
• During incident response events works with ITS Cyber Defense Senior Specialist to perform event triage, scoping, criticality, impact, and recovery

Qualifications: 

• 5 - 7 years’ experience in Information Technology or Risk Management roles, with at least 4 years in a security role. Bachelor’s or master’s degree in computer science, management information systems, business administration, or related discipline is preferred.

• Security specific certifications such as CISSP, GIAC, or equivalent designation highly preferred
• Expert level knowledge of current security control technologies and procedures for a large-scale environment.
• Knowledge of firewall theory and configuration, intrusion detection and internet architecture.
• Knowledge of national and international regulatory compliances and frameworks such as NIST-CSF, ISO-27000, SOX, BASEL II, EU DPD, HIPAA, and PCI D

Salary range:  $116,000 - $167,000.  The actual base salary is based on geographic location, and the range is representative of salaries for this role throughout Selective's footprint. Additional considerations include the candidate's qualifications and experience.   

Selective is an Equal Employment Opportunity employer.  That means we respect and value every individual’s unique opinions, beliefs, abilities, and perspectives. We are committed to promoting a welcoming culture that celebrates diverse talent, individual identity, different points of view and experiences – and empowers employees to contribute new ideas that support our continued and growing success. Building a highly engaged team is one of our core strategic imperatives, which we believe is enhanced by diversity, equity, and inclusion. We expect and encourage all employees and all of our business partners to embrace, practice, and monitor the attitudes, values, and goals of acceptance; address biases; and foster diversity of viewpoints and opinions.   

Selective maintains a drug-free workplace.  

#LI-SB1       

#LI-hybrid