Leadership Solutions

AVP - Chief Information Security Officer


Grange Insurance


Columbus, OH


Ensure that data and information assets are adequately protected, and that Grange Insurance is in compliance with all current and future regulations through advancement of our enterprise-wide information security, governance, and compliance program. Oversee and continue to improve the operational effectiveness of the Security Architecture and Engineering practices, ensuring teams are appropriately staffed with the required competencies while fostering a diverse and inclusive workplace. Facilitate collaboration between the business units, audit, legal, enterprise risk and technology. Educate and communicate on the importance of cybersecurity to the ongoing operations and success of the entire organization. Represent Grange Insurance as a recognized expert in information security matters - including activities such as speaking engagements, formal publications, and participating at industry events.


  • Utilize an existing industry standard or framework, such as NIST CSF, to facilitate an information security governance function. Demonstrated knowledge of other common risk management frameworks, such as ISO/IEC 27001, ITIL, etc.
  • Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled and/or processed by our company.
  • Advance the information security vision and strategy that is aligned with organizational priorities.
  • Enable the organization's business objectives in a secure manner and ensure senior stakeholder buy-in.
  • Develop, enhance and maintain information security policies, standards, and guidelines.

Please see complete job description online.


Must be comfortable working in a fast-paced, collaborative environment, elevating the information security strategy for Grange Insurance and evolving the security roadmap to achieve strategic goals. Must have a proven track record in information security, including a strong executive presence and outstanding communication skills. Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired. Graduate degree in Computer Science, Business Administration or related field preferred. Seven to ten years of relevant experience in risk management and/or information security and knowledge of EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Demonstrated experience formulating the cost benefit of security initiatives in the context of overall business risk mitigation and the company’s operational objectives - must be able to compare, contrast and prioritize among alternative approaches to meet those objectives. Must be a problem solver/decision maker, adept at working across a complex enterprise that includes incident management, threat and vulnerability assessment, customer privacy, broad systems integration, and risk management and control programs. Demonstrated executive-level written and oral communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences up through and including the company officers, Senior Leadership Team, or Board of Directors.

How to Apply:

Apply online