Milliman · 15 hours ago
Chief Information Security Officer (CISO)
Milliman is an independent company delivering market-leading services and solutions to clients worldwide. The Chief Information Security Officer (CISO) is responsible for developing and overseeing Milliman’s global information security program, ensuring the confidentiality and integrity of information assets while aligning security initiatives with business objectives.
Analytics · Consulting · InsurTech
Responsibilities
Drive the information security function across Milliman, ensuring alignment with organizational goals
Establish and implement a global information security vision and strategy by collaborating with the Board, senior leaders, and Equity Principals
Design and deliver the security roadmap, including staffing and budget plans, and manage the approved corporate information security budget
Serve as an expert advisor to the Board and senior leadership on IT security matters
Facilitate organization-wide security enhancements that integrate business objectives with IT infrastructure, physical infrastructure, and human resources
Act as the primary change agent facilitating information security improvements in security culture, business relationships, and product/service design
Chair the Security Technology Steering Group (STSG)
Collaborate with senior leadership on IT-related risk management to identify, assess, and address risks
Oversee the development, implementation, and maintenance of global information security policies, standards, guidelines, and procedures
Ensure compliance with relevant laws, regulations, and industry frameworks (e.g., ISO 27001, HIPAA, HITRUST, SOC 2)
Partner with the Legal Department to maintain a collaborative approach to information security and privacy
Manage third-party/vendor security risk programs and ensure alignment with corporate policies
Serve as a voting member of the Enterprise Risk Management Committee and Technology Operations Committee and act as a key advisor to senior leadership on IT security matters
Oversee emergency procedures and incident response protocols, serving as the control point during significant security incidents
Direct teams to detect, report, contain, and mitigate incidents impacting data and infrastructure security
Oversee periodic security reviews of all business units and present findings to the Enterprise Risk Committee and Board
Partner with the Legal team in response to privacy incidents and significant events
Collaborate with IT teams to develop, evaluate, and improve network disaster recovery plans
Maintain relationships with law enforcement and relevant government agencies in support of the information security program
Develop and implement enterprise-wide security awareness training
Build and report on metrics and KPIs to measure program effectiveness
Recommend security enhancements and purchases consistent with evolving threats and strategic objectives
Stay current on technological advances and identify opportunities for adoption within Milliman
Provide coordination, communication, and dissemination of best practices across the organization
Support Equity Principals and their practices in security-related matters consistent with GCS service expectations
Qualification
Required
Bachelor's degree in Computer Science, Computer Engineering, Information Systems, or related discipline
The ideal candidate must possess certification(s): Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
The ideal candidate must have 10+ years in management of business or technology organizations, with demonstrated competency in strategic thinking, leadership, and relationship management, and enterprise-level responsibility
The ideal candidate must have 7+ years of direct management experience overseeing security teams and budgets
The ideal candidate must have previous experience with regulatory compliance frameworks such as ISO 27001/2, HIPAA, HITRUST, and SOC 2
The ideal candidate must have previous experience with cloud security control design and management
The ideal candidate must have thorough knowledge of finance, budgeting, project management, and systems development lifecycle
The ideal candidate must have knowledge of security domains such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, and web services
Must have demonstrated leadership in multi-discipline, high-performance teams, including supervision and professional development of technical staff
Must have proven ability to work with geographically diverse offices in a global organization
Must have excellent verbal and written communication skills, including the ability to prepare documentation, policies, and build consensus across broad groups
Must have the ability to deal effectively with concrete, tangible issues as well as abstract, conceptual matters
Must have demonstrated thought leadership in information security and in creating innovative, scalable business solutions, with the ability to lead and motivate cross-functional, interdisciplinary teams
Must have strong time management skills, ability to handle multiple projects concurrently, and the capacity to be flexible and nimble as business needs change and evolve
Preferred
Advanced degree (master's or PhD) in Information Security, Computer Science, or related field
Experience within consulting or professional services organizations
Familiarity with enterprise-level cloud technologies, defect tracking tools, agile management tools, and Microsoft Suite
Additional certifications (e.g., GIAC, CCSP, CRISC, PMP)
Benefits
Medical, Dental and Vision – Coverage for employees, dependents, and domestic partners.
Employee Assistance Program (EAP) – Confidential support for personal and work-related challenges
401(k) Plan – Includes a company matching program and profit-sharing contributions
Discretionary Bonus Program – Recognizing employee contributions
Flexible Spending Accounts (FSA) – Pre-tax savings for dependent care, transportation, and eligible medical expenses
Paid Time Off (PTO) – Begins accruing on the first day of work. Full-time employees accrue 15 days per year, and employees working less than full-time accrue PTO on a prorated basis
Holidays – A minimum of 10 paid holidays per year
Family Building Benefits – Includes adoption and fertility assistance
Paid Parental Leave – Up to 12 weeks of paid leave for employees who meet eligibility criteria
Life Insurance & AD&D – 100% of premiums covered by Milliman
Short-Term and Long-Term Disability – Fully paid by Milliman
Company
Milliman
Milliman is a risk management, benefits, and technology firm that offers insurance and retirement services.
Funding
Current Stage
Late Stage
Company data provided by crunchbase