Job Description

Chief Information Security Officer (CISO)

Join to apply for the Chief Information Security Officer (CISO) role at Milliman

NOTE TO APPLICANTS: Individuals must be legally authorized to work in the United States without the need for immigration support or sponsorship from Milliman now or in the future.

Position Summary

The Chief Information Security Officer (CISO) is a seniorlevel executive responsible for developing, implementing, and overseeing Millimans global information security program. As a member of Global Corporate Services (GCS) reporting directly to the Chief Information Officer (CIO) and working closely with the CEO, Board of Directors, and Equity Principals, the CISO ensures the confidentiality, integrity, and availability of Millimans information assets, technology infrastructure, and data across all practices and geographies.

This role provides strategic leadership, vision, and governance for all aspects of information security, aligning security initiatives with business objectives and regulatory requirements.

Responsibilities

Strategic Leadership & Governance

• Drive the information security function across Milliman, ensuring alignment with organizational goals.
• Establish and implement a global information security vision and strategy by collaborating with the Board, senior leaders, and Equity Principals.
• Design and deliver the security roadmap, including staffing and budget plans, and manage the approved corporate information security budget.
• Serve as an expert advisor to the Board and senior leadership on IT security matters.
• Facilitate organizationwide security enhancements that integrate business objectives with IT infrastructure, physical infrastructure, and human resources.
• Act as the primary change agent facilitating information security improvements in security culture, business relationships, and product/service design.
• Chair the Security Technology Steering Group (STSG).

Risk Management & Compliance

• Collaborate with senior leadership on ITrelated risk management to identify, assess, and address risks.
• Oversee the development, implementation, and maintenance of global information security policies, standards, guidelines, and procedures.
• Ensure compliance with relevant laws, regulations, and industry frameworks (e.g., ISO 27001, HIPAA, HITRUST, SOC 2).
• Partner with the Legal Department to maintain a collaborative approach to information security and privacy.
• Manage thirdparty/vendor security risk programs and ensure alignment with corporate policies.
• Serve as a voting member of the Enterprise Risk Management Committee and Technology Operations Committee and act as a key advisor to senior leadership on IT security matters.

Incident Response & Operational Oversight

• Oversee emergency procedures and incident response protocols, serving as the control point during significant security incidents.
• Direct teams to detect, report, contain, and mitigate incidents impacting data and infrastructure security.
• Oversee periodic security reviews of all business units and present findings to the Enterprise Risk Committee and Board.
• Partner with the Legal team in response to privacy incidents and significant events.
• Collaborate with IT teams to develop, evaluate, and improve network disaster recovery plans.
• Maintain relationships with law enforcement and relevant government agencies in support of the information security program.

Program Development & Stakeholder Engagement

• Develop and implement enterprisewide security awareness training.
• Build and report on metrics and KPIs to measure program effectiveness.
• Recommend security enhancements and purchases consistent with evolving threats and strategic objectives.
• Stay current on technological advances and identify opportunities for adoption within Milliman.
• Provide coordination, communication, and dissemination of best practices across the organization.
• Support Equity Principals and their practices in securityrelated matters consistent with GCS service expectations.

Skills & Qualifications Required

• Bachelors degree in Computer Science, Computer Engineering, Information Systems, or related discipline.
• The ideal candidate must possess certification(s): Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
• The ideal candidate must have 10+ years in management of business or technology organizations, with demonstrated competency in strategic thinking, leadership, and relationship management, and enterpriselevel responsibility.
• The ideal candidate must have 7+ years of direct management experience overseeing security teams and budgets.
• The ideal candidate must have previous experience with regulatory compliance frameworks such as ISO 27001/2, HIPAA, HITRUST, and SOC 2.
• The ideal candidate must have previous experience with cloud security control design and management experience.
• The ideal candidate must have thorough knowledge of finance, budgeting, project management, and systems development lifecycle.
• The ideal candidate must have knowledge of security domains such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, and web services.
• Must have demonstrated leadership in multidiscipline, highperformance teams, including supervision and professional development of technical staff.
• Must have proven ability to work with geographically diverse offices in a global organization.
• Must have excellent verbal and written communication skills, including the ability to prepare documentation, policies, and build consensus across broad groups.
• Must have the ability to deal effectively with concrete, tangible issues as well as abstract, conceptual matters.
• Must have demonstrated thought leadership in information security and creating innovative, scalable business solutions with the ability to lead and motivate crossfunctional, interdisciplinary teams.
• Must have strong time management skills, ability to handle multiple projects concurrently, and the capacity to be flexible and nimble as business needs change and evolve.

Skills & Qualifications Preferred

• Advanced degree (masters or PhD) in Information Security, Computer Science, or related field.
• Experience within consulting or professional services organizations.
• Familiarity with enterpriselevel cloud technologies, defect tracking tools, agile management tools, and Microsoft Suite.
• Additional certifications (e.g., GIAC, CCSP, CRISC, PMP).

Location

This is a remote role. The expected application deadline for this job is December15th,2025.

Compensation

The overall salary range for this role is $203,200-$397,210.

For candidates residing in Alaska, California, Connecticut, Illinois, Maryland, Massachusetts, New Jersey, NewYork City, Newark, San Jose, San Francisco, Pennsylvania, Virginia, Washington, or the District of Columbia the salary range is $233,680-$397,210.

All other locations the salary range is $203,200-$345,400.

A combination of factors will be considered, including, but not limited to, education, relevant work experience, qualifications, skills, certifications, etc.

Benefits

• Medical, Dental and Vision Coverage for employees, dependents, and domestic.
• Employee Assistance Program (EAP) Confidential support for personal and workrelated.
• 401(k) Plan Includes a company matching program and profitsharing.
• Discretionary Bonus Program Recognizing employee.
• Flexible Spending Accounts (FSA) Pretax savings for dependent care, transportation, and eligible medical expenses.
• Paid Time Off (PTO) Begins accruing on the first day of Fulltime employees accrue 15 days per year, and employees working less than fulltime accrue PTO on a prorated basis.
• Holidays A minimum of 10 paid holidays per.
• Family Building Benefits Includes adoption and fertility.
• Paid Parental Leave Up to 12 weeks of paid leave for employees who meet eligibility.
• Life Insurance & AD&D 100% of premiums covered by.
• ShortTerm and LongTerm Disability Fully paid by.

About Milliman

Independent for over 75 years, Milliman delivers marketleading services and solutions to clients worldwide. Today, we are helping companies take on some of the worlds most critical and complex issues, including retirement funding and healthcare financing, risk management and regulatory compliance, data analytics and business transformation.

Milliman invests in skills training and career development and gives all employees access to a variety of learning and mentoring opportunities. Our growing number of Milliman Employee Resource Groups (ERGs) are employeeled communities that influence policy decisions, develop future leaders, and amplify the voices of their constituents. We encourage our employees to give back to their varied professions, including leadership in professional organizations. Please visit our web site ( to learn more about Millimans commitments to our people, inclusion, and sustainability.

Through a team of professionals ranging from actuaries to clinicians, technology specialists to plan administrators, we offer unparalleled expertise in employee benefits, investment consulting, healthcare, life insurance, financial services]]> <

Job Tags

Similar Jobs