Head of Security Engineering & Risk - Director Level; Hybrid

Overview

This role is designed for a technically credible security leader who wants more than steady-state security operations. We’re partnering with a fast-scaling, private-equity-backed insurance agency operating across multiple business units and acquired entities. Security is already valued, the next step is to evolve it into a centralized, engineering-led security function capable of supporting continued growth. Importantly, this role offers a natural progression into VP of Security and ultimately CISO, for someone who demonstrates both technical depth and executive judgement.

Identity & Access Management (Foundational)

Identity underpins everything here.

You should bring strong hands-on experience with:

• Microsoft Entra  / Azure AD architecture and governance
• Conditional Access, MFA strategy, Zero Trust identity models
• Privileged Identity Management (PIM) and RBAC
• Identity lifecycle management across employees, vendors, and acquisitions
• SaaS security via SSO, SCIM, and risk-based access controls

This is a design-and-operate role, not just vendor oversight.

You’ll own protection for a highly distributed, business-critical user base.

Experience with:

• Endpoint hardening across Windows/macOS
• Device compliance and conditional access enforcement
• Email security, phishing defense, and user-centric threat mitigation
• Balancing real security with productivity and usability

(Pragmatic, Not Theoretical) This is a modern, SaaS-heavy environment.

You should be comfortable with:

• Securing SaaS applications and cloud workloads
• CASB / SaaS Security Posture Management concepts
• Data protection, DLP, and sensitive data classification
• Partnering with infrastructure and architecture teams on secure-by-design systems

You’ll be accountable for real outcomes, not just frameworks.

• SIEM and security monitoring platforms
• Alert tuning and detection engineering
• Incident response planning, tabletop exercises, and real incidents
• Playbook creation and cross-functional coordination during security events

(Highly Valued)

This company grows through acquisition, security must scale intelligently.

• Integrating newly acquired companies into a common security baseline
• Identity consolidation across tenants and environments
• Managing risk pragmatically during post-acquisition transitions
• Operating in environments where “perfect” isn’t possible on day one

This is where experience and judgement matter more than theory.

(Strong Plus)

Background in an MSP or services-led security environment is highly attractive.

Why?

• Comfort operating across multiple clients, systems, and maturity levels
• Ability to prioritize risk quickly and communicate clearly
• Experience owning outcomes without ideal conditions

Candidates with MSP experience often thrive in this role.

This role suits someone who has been:

• A Senior Security Engineer, Security Architect, or Head/Director of Security
• Operating in PE-backed, acquisitive, or multi-entity organizations
• Comfortable being hands-on while shaping long-term strategy
• Trusted to make risk-based decisions and explain them to executives

You don’t need prior “CISO” title, but you should want that trajectory.

This is a deliberate succession role:

• Short-term:
  Own and elevate the security engineering function
• Mid-term:
  Step into VP-level ownership of security strategy and execution
• Long-term:
  Grow into a CISO role, with board-level visibility and influence

The platform, sponsorship, and growth path are already in place.

• Real technical ownership, not checkbox security
• Exposure to M&A, executive decision-making, and risk ownership
• A leadership path that’s earned, not promised
• Enough complexity to stay interesting, without constant firefighting
• Opportunity to build something durable and respected