Director of Security Governance

Remote Chief Legal Office - Security & Privacy Full-Time
ABOUT BESTOW

Bestow is the leading digital platform for life insurance. As both a direct-to-consumer destination and an infrastructure provider, Bestow is on a mission to make life insurance accessible to millions of underserved families. 

We strive for work-life balance and believe happy employees make for better experiences and happier customers.  It’s a model that helped us land on Forbes’ Best Startup Employers 2021 and 2022 lists!


ABOUT THE TEAM

You will support our company-wide Security Program and will be responsible for developing and running the Security Governance Program to protect our customers and company data. 
 
You are a subject matter expert in Cyber Security Frameworks, have experience in control testing, have participated in and contributed to numerous audits throughout your career, and have experience navigating the regulatory security control requirements at both the Federal and State levels.
 
You are a highly experienced governance, risk, and compliance expert with a focus on Cyber Security. You are skilled at building a strong partnership with business leaders and co-workers to help process owners be successful during audits. You have a passion for educating individuals on the importance and business impact of conducting audits and have a knack for creating buy-in.

Open to Austin, TX, Dallas, TX, Remote (US) #LI-Remote

THIS ROLE REPORTS TO

Chief Security Officer

THE ROLE
  • Design and implement effective and efficient information security control processes that support and drive compliance to Bestow Information Security Policies, Standards, and applicable regulatory requirements. 
  • Act as Project Manager for the CSO's office, taking the lead on initiatives and implementations, guiding projects to completion on time and on budget.
  • Lead and collaborate with IT, Legal, Finance, Insurance Operations, External Examiners, and business areas as appropriate during audit exams.
  • Collaborate with internal stakeholders, gather information, create reports, and analyze the state of security and controls against best practices. 
  • Act as project lead for Security-related initiatives, partnering with Business leaders to ensure buy-in for corporate-wide Security improvements.
  • Partner with Legal, IT, and the CSO to work with external auditors during gap assessments and audit engagements.
  • Partner with IT to collect required artifacts for audit.
  • Establish and lead a Business Continuity steering committee to ensure continuity objectives are completed annually, and documentation is completed with the most thorough and accurate information.
  • Partner with third parties to conduct assessments and exercises that benefit the maturity of Business Continuity, Disaster Recovery, and Incident Response initiatives.  
  • Conduct periodic training for employees to include tabletop exercises that improve Business Continuity, Disaster Recovery, and Incident Response. 
  • Act as a lead during incidents to ensure the policy is followed and all necessary artifacts are retained. Coordinate with law enforcement and third-party digital forensics as appropriate.
  • Produce metrics that demonstrate and measure the current efficacy of the Business Continuity Program, including Disaster Recovery and Incident Response. 

YOUR EXPERIENCE
  • 10 years of Information Security Experience.
  • Industry Information Security certifications (e.g., CISSP, CISM, Security+).
  • A self-starter, comfortable working with cloud infrastructure, software development, and information security risk issues.
  • Prior experience working with external auditors and auditing firms to review internal controls and collect accurate evidence for assessments.
  • Familiar with Risk Management frameworks and common industry methodologies for addressing risk.
  • In-depth knowledge of Industry Standard Security controls, tools, and processes and experience implementing Controls to meet audit requirements.
  • Knowledge of information technology and/or Business Continuity and Incident Response frameworks and common practices.
  • Ability to develop security policies, standards, and guidelines based on best practices and industry frameworks.
  • Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
  • Information security governance, risk, and/or compliance experience in Life Insurance & Financial Services or federal/state/local government including documenting risk and compliance activities.

TOTAL REWARDS

  • Competitive salary and equity based on role
  • Annual bonus based on company and individual performance
  • Flexible PTO plan
  • 100% paid premiums for medical, dental, and vision insurance
  • Paid parental leave
  • Annual lifestyle spending account to support your physical, emotional, and financial wellbeing
  • Flexible work-from-home policy and open to remote
  • Learning & Development opportunities


We value diversity at Bestow. We hire, recruit, and promote without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, pregnancy or maternity, veteran status, or any other status protected by applicable law. We understand the importance of creating a safe and comfortable work environment and encourage individualism and authenticity in every member of our team.