Chief Information Security Officer

Company Description

Trupanion is a leading provider of medical insurance for cats and dogs in North America. Our mission is to help loving, responsible pet owners budget and care for their pets. Trupanion offers a collaborative, casual, and pet-friendly environment where everyone is encouraged to be themselves. 

Job Description

We are seeking a highly experienced and visionary Chief Information Security Officer (CISO) to lead our organization's cybersecurity strategy and protect our digital assets, sensitive data, and information systems. The CISO will oversee the development, implementation, and management of comprehensive security programs and ensure compliance with regulatory requirements. This IT leadership role requires a strategic thinker, strong leadership skills, and technical expertise in cybersecurity practices. 

This position is open to candidates in the Seattle area. You will have a hybrid remote/in-office schedule, working from our casual, pet-friendly office at least three days a week. 

Key Responsibilities: 

Strategic Leadership 

• Collaborate with CIO to develop and execute a robust enterprise-wide cybersecurity strategy. 
• Align security initiatives with business objectives, ensuring risk mitigation without hindering innovation or operations. 
• Provide expert guidance to the IT leadership team on current and emerging cybersecurity threats and best practices. 

Risk Management 

• Identify, evaluate, and mitigate cybersecurity risks through proactive measures and incident response planning. 
• Oversee periodic risk assessments, audits, and penetration tests to maintain a strong security posture. 
• Implement and maintain cybersecurity frameworks, such as NIST, ISO 27001, or similar. 

Operational Oversight 

• Lead the design, deployment, and management of security architecture, policies, and procedures. 
• Monitor and respond to security breaches, cyber incidents, and vulnerabilities. 
• Establish and oversee the Security Operations Center (SOC) and incident response teams. 
• Compliance and Governance 
• Ensure compliance with applicable laws, regulations, and industry standards (e.g., GDPR, NYDFS, PCI DSS, OSHI, SOX). 
• Develop and enforce security policies, standards, and guidelines across the organization. 
• Work closely with legal, compliance, and 3rd party audit teams to address regulatory requirements. 
• Collaboration and Communication 
• Build and maintain relationships with internal stakeholders, including IT, HR, and legal departments. 
• Engage with external partners, such as vendors, insurance agencies, government agencies, and industry groups, to enhance the organization's security framework. 
• Deliver clear and actionable reports on cybersecurity performance and risks to the board of directors and executive management. 

Team Leadership 

• Build appropriate org structure and recruit, mentor, and manage a high-performing cybersecurity team. 
• Foster a culture of security awareness and continuous improvement throughout the organization. 

Qualifications & Experience: 

Education and Experience 

• Bachelor’s or Master’s Degree in Computer Science, Information Security, or a related field. 
• 10+ years of progressive experience in cybersecurity, including leadership. 
• Certifications such as CISSP, CISM, CISA, or equivalent are preferred. 

Technical Expertise 

• In-depth knowledge of cybersecurity technologies, tools, and trends. 
• Experience with cloud security, endpoint protection, threat intelligence, and security analytics. 
• Proficiency in developing and managing security budgets and resource allocation. 

Leadership and Communication 

• Proven ability to lead cross-functional teams and drive strategic initiatives. 
• Excellent communication and presentation skills, with the ability to convey complex security concepts to non-technical audiences. 
• Strong decision-making, problem-solving, and crisis-management skills. 

Core Competencies & Skills: 

Strategic Thinking and Vision 

• Ability to develop and execute a long-term cybersecurity strategy aligned with business goals. 
• Awareness of emerging trends, threats, and technologies to future-proof the organization. 

Risk Management Expertise 

• Proficient in identifying, assessing, and mitigating risks across the enterprise. 
• Skilled in implementing risk management frameworks (e.g., NIST, ISO 27001). 
• Strong understanding of business impact analysis and prioritization of risk response. 

Technical Proficiency 

• Deep understanding of cybersecurity tools, technologies, and practices, including: 
  • Network security 
  • Endpoint protection 
  • Cloud security 
  • Threat intelligence 
  • Security Information and Event Management (SIEM) systems 
• Hands-on experience with incident response, vulnerability management, and forensics. 

Leadership and Team Development 

• Strong leadership skills to inspire and manage cybersecurity teams. 
• Experience in recruiting, mentoring, and retaining top talent in the cybersecurity field. 
• Ability to foster a culture of security awareness across the organization. 

Regulatory and Compliance Knowledge 

• Expertise in global and industry-specific compliance requirements, such as: 
  • GDPR, NYDFS, OSHI, PCI DSS, SOX 
• Ability to navigate audits and maintain compliance with cybersecurity laws and regulations. 

Communication and Stakeholder Management 

• Strong written and verbal communication skills to articulate complex security issues to non-technical audiences. 
• Proficiency in preparing and presenting security updates and risk assessments to the board of directors and C-suite executives. 
• Skilled in collaborating with cross-functional teams and external stakeholders. 

Incident Response and Crisis Management 

• Expertise in managing security breaches and developing robust incident response plans. 
• Strong decision-making skills under pressure to minimize damage and ensure swift recovery. 

Financial Acumen 

• Ability to develop and manage a cybersecurity budget effectively. 
• Understanding of cost-benefit analysis for security investments and resource allocation. 

Analytical and Problem-Solving Skills 

• Proficiency in analyzing large volumes of data to identify potential security issues. 
• Creative problem-solving to develop innovative and effective solutions to complex security challenges. 

Collaboration and Influence 

• Adept at building relationships with internal and external stakeholders. 
• Ability to find win-win solutions that balance security needs without stifling innovation or negatively impacting customer experience. 
• Ability to influence organizational culture to prioritize cybersecurity. 

Ethical Judgment and Integrity 

• High ethical standards in handling sensitive information and making decisions. 
• Commitment to transparency and accountability in security practices. 

Compensation: 

• The pay range for this position is $200-$250K, on a full-time schedule. 
• Along with base salary, Trupanion employees may be eligible for monthly bonuses. 
• We want all employees to be invested in Trupanion’s success, so we grant Restricted Stock Units to all new team members. Our new hire grants vest over 4 years.  

Additional Information

All your information will be kept confidential according to EEO guidelines.

Benefits and Perks:

• Full medical, dental, and vision benefits at no cost to the employee
• Four weeks of paid time off and 9 paid float holidays (you can decide which days are most important to you!)
• Five-week sabbatical after five years of employment
• Open, casual, pet-friendly, and fun office environment
• Free medical health insurance for your pet (1 dog or cat)
• Paid time off to volunteer at nonprofit organizations
• Seattle Office Amenities: Free on-site gym, free dog walking services for office pets during business hours, free parking, and paid ORCA cards.

For more information about Trupanion, visit https://trupanion.com/about

Learn more about how Trupanion has revolutionized our industry and the reimbursement model: https://www.youtube.com/watch?v=vdWZ4KHiPTQ

Trupanion is an equal-opportunity employer and embraces diversity. We are committed to building a team that represents a variety of backgrounds, abilities, perspectives, and skills.

We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. Please contact us to request accommodations.