Compare your current skills to what this opportunity needs—we'll show you what you already have and what could strengthen your application.
Job Description
Reports to: Global Chief Technology and Information Security Officer (CTO/CISO)
Location:
Flexible (US-based East Coast highly preferred; remote-friendly)
Team:
Direct team of 4, plus managed security vendors and partners
ABOUT IGNYTE
Ignyte Insurance Services is powering the next generation of specialty insurance brands by helping niche insurance companies unlock new levels of growth, scale smarter, and reach broader markets. We operate a fast-moving, highly acquisitive, multi-entity environment in a regulated insurance market governed by NYDFS and state insurance regulators. Security is central to how we acquire, integrate, and operate. Every transaction carries cyber risk, and every newly acquired company must be brought onto a common, defensible security baseline quickly. This is a builder's environment for a security leader who wants to shape a program through rapid inorganic growth.
POSITION SUMMARY
Reporting to the Global CTO/CISO, the Head of Security owns the full security program across Ignyte and its operating companies: engineering, operations, governance/risk/compliance, and incident response. You will run day-to-day security operations and detection & response, own and rationalize the security technology stack, lead the GRC and regulatory agenda, drive cyber due diligence and post-close security integration for acquisitions, and own incident response end to end. You will lead a direct team of four and manage key security vendors, partners, and budget.
KEY RESPONSIBILITIES
Security Engineering & Operations Own day-to-day security operations: detection & response, EDR/XDR, email security, endpoint management, SIEM/log management, and vulnerability management. Drive measurable gains in detection coverage, mean time to detect/respond, and operational maturity. Manage MDR/MSSP and tooling vendor relationships. Cloud & Identity Security Lead security posture across Microsoft Azure and Microsoft 365 / Entra ID (Microsoft Defender suite, conditional access, identity governance, and privileged access). Operate cloud security posture management and drive remediation to closure. M&A Cyber Due Diligence & Integration Lead pre-acquisition cyber due diligence: external attack surface mapping, gap assessment, etc. Own post-close security integration (onboarding acquired entities onto the common baseline, rationalizing overlapping tooling, and supporting TSA stand-up and exit). Incident Response Own the incident response program (playbooks, tabletop exercises, forensics/vendor coordination, and executive communication during incidents). Governance, Risk & Compliance Own the GRC function: security risk management, the risk register, policy and standards, and control-framework alignment (NIST
CSF / CIS
Controls). Run the security exception, remediation, and risk-acceptance process and surface residual risk to executive leadership. Leadership Lead, mentor, and grow the security team Build global relationships within a matrixed organization. Own the security operations budget and roadmap; report posture and risk to the CISO and leadership.
REQUIRED QUALIFICATIONS
10+ years in information security, including 4+ years in security leadership. Experience owning aspects of a security program end to end: engineering, operations, GRC, and incident response (not just a single function). Deep, hands-on expertise with the CrowdStrike suite of tools, including Falcon (EDR/XDR, threat hunting, response, Spotlight). Strong Microsoft Azure and Microsoft 365 / Entra ID security expertise (Defender, conditional access, identity governance). Hands-on incident response leadership and modern SecOps practices (detection engineering, vulnerability management). Experience in a regulated industry (insurance or financial services), with working knowledge of
NYDFS 23 NYCRR
500 or a comparable regime. Demonstrable experience with email threat detection and endpoint management, log management/detection (SIEM), and external attack surface management.
PREFERRED QUALIFICATIONS
Previous
MSP/MSSP
experience highly desired. Experience in a highly acquisitive, multi-entity environment. Insurance, MGA/MGU, or brokerage industry background. Relevant certifications (e.g., CISSP, CCSP, Azure Security Engineer, GIAC). Track record standing up or maturing a security program through rapid inorganic growth. Demonstrated M&A cyber due diligence and integration experience, assessing and onboarding acquired companies onto a common security baseline.
BENEFITS
Competitive benefits offering including medical, dental, vision, and supplemental benefits. Company-paid life insurance, long-term and short-term disability policies. 14 annual paid holidays and generous PTO plan. 401(k) with annual Safe Harbor and profit share contributions. Open to remote work environment.
