Description
NOTE TO APPLICANTS: Individual(s) must be legally authorized to work in the United States without the need for immigration support or sponsorship from Milliman now or in the future.

POSITION SUMMARY: The Chief Information Security Officer (CISO) is a senior-level executive responsible for developing, implementing, and overseeing Milliman's global information security program. As a member of Global Corporate Services (GCS) reporting directly to the Chief Information Officer (CIO) and working closely with the CEO, Board of Directors, and Equity Principals, the CISO ensures the confidentiality, integrity, and availability of Milliman's information assets, technology infrastructure, and data across all practices and geographies. This role provides strategic leadership, vision, and governance for all aspects of information security, aligning security initiatives with business objectives and regulatory requirements.

RESPONSIBILITIES:

Strategic Leadership & Governance
- Drive the information security function across Milliman, ensuring alignment with organizational goals.
- Establish and implement a global information security vision and strategy by collaborating with the Board, senior leaders, and Equity Principals.
- Design and deliver the security roadmap, including staffing and budget plans, and manage the approved corporate information security budget.
- Serve as an expert advisor to the Board and senior leadership on IT security matters.
- Facilitate organization-wide security enhancements that integrate business objectives with IT infrastructure, physical infrastructure, and human resources.
- Act as the primary change agent facilitating information security improvements in security culture, business relationships, and product/service design.
- Chair the Security Technology Steering Group (STSG).
Risk Management & Compliance
- Collaborate with senior leadership on IT-related risk management to identify, assess, and address risks.
- Oversee the development, implementation, and maintenance of global information security policies, standards, guidelines, and procedures.
- Ensure compliance with relevant laws, regulations, and industry frameworks (e.g., ISO 27001, HIPAA, HITRUST, SOC 2).
- Partner with the Legal Department to maintain a collaborative approach to information security and privacy.
- Manage third-party/vendor security risk programs and ensure alignment with corporate policies.
- Serve as a voting member of the Enterprise Risk Management Committee and Technology Operations Committee and act as a key advisor to senior leadership on IT security matters.
Incident Response & Operational Oversight
- Oversee emergency procedures and incident response protocols, serving as the control point during significant security incidents.
- Direct teams to detect, report, contain, and mitigate incidents impacting data and infrastructure security.
- Oversee periodic security reviews of all business units and present findings to the Enterprise Risk Committee and Board.
- Partner with the Legal team in response to privacy incidents and significant events.
- Collaborate with IT teams to develop, evaluate, and improve network disaster recovery plans.
- Maintain relationships with law enforcement and relevant government agencies in support of the information security program.
Program Development & Stakeholder Engagement
- Develop and implement enterprise-wide security awareness training.
- Build and report on metrics and KPIs to measure program effectiveness.
- Recommend security enhancements and purchases consistent with evolving threats and strategic objectives.
- Stay current on technological advances and identify opportunities for adoption within Milliman.
- Provide coordination, communication, and dissemination of best practices across the organization.
- Support Equity Principals and their practices in security-related matters consistent with GCS service expectations.
SKILLS & QUALIFICATIONS REQUIRED:
- Bachelor's degree in Computer Science, Computer Engineering, Information Systems, or related discipline.
- The ideal candidate must possess certification(s): Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
- The ideal candidate must have 10+ years in management of business or technology organizations, with demonstrated competency in strategic thinking, leadership, and relationship management, and enterprise-level responsibility.
- The ideal candidate must have 7+ years of direct management experience overseeing security teams and budgets.
- The ideal candidate must have previous experience with regulatory compliance frameworks such as ISO 27001/2, HIPAA, HITRUST, and SOC 2.
- The ideal candidate must have previous experience with cloud security control design and management experience.
- The ideal candidate must have thorough knowledge of finance, budgeting, project management, and systems development lifecycle.
- The ideal candidate must have knowledge of security domains such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, and web services.
- Must have demonstrated leadership in multi-discipline, high-performance teams, including supervision and professional development of technical staff.
- Must have proven ability to work with geographically diverse offices in a global organization.
- Must have excellent verbal and written communication skills, including the ability to prepare documentation, policies, and build consensus across broad groups.
- Must have the ability to deal effectively with concrete, tangible issues as well as abstract, conceptual matters.
- Must have demonstrated thought leadership in information security and in creating innovative, scalable business solutions, with the ability to lead and motivate cross-functional, interdisciplinary teams.
- Must have strong time management skills, ability to handle multiple projects concurrently, and the capacity to be flexible and nimble as business needs change and evolve.
SKILLS & QUALIFICATIONS PREFERRED:
- Advanced degree (master's or PhD) in Information Security, Computer Science, or related field.
- Experience within consulting or professional services organizations.
- Familiarity with enterprise-level cloud technologies, defect tracking tools, agile management tools, and Microsoft Suite.
- Additional certifications (e.g., GIAC, CCSP, CRISC, PMP).
LOCATION: This is a remote role. The expected application deadline for this job is December 15th, 2025.

COMPENSATION: The overall salary range for this role is $203,200 - $397,210. For candidates residing in:
- Alaska, California, Connecticut, Illinois, Maryland, Massachusetts, New Jersey, New York City, Newark, San Jose, San Francisco, Pennsylvania, Virginia, Washington, or the District of Columbia, the salary range is $233,680 - $397,210.
- All other locations, the salary range is $203,200 - $345,400.
A combination of factors will be considered, including, but not limited to, education, relevant work experience, qualifications, skills, certifications, etc.

BENEFITS: We offer a comprehensive benefits package designed to support employees' health, financial security, and well-being. Benefits include:
- Medical, Dental and Vision - Coverage for employees, dependents, and domestic
- Employee Assistance Program (EAP) - Confidential support for personal and work-related
- 401(k) Plan - Includes a company matching program and profit-sharing
- Discretionary Bonus Program - Recognizing employee
- Flexible Spending Accounts (FSA) - Pre-tax savings for dependent care, transportation, and eligible medical expenses.
- Paid Time Off (PTO) - Begins accruing on the first day of Full-time employees accrue 15 days per year, and employees working less than full-time accrue PTO on a prorated basis.
- Holidays - A minimum of 10 paid holidays per
- Family Building Benefits - Includes adoption and fertility
- Paid Parental Leave - Up to 12 weeks of paid leave for employees who meet eligibility
- Life Insurance & AD&D - 100% of premiums covered by
- Short-Term and Long-Term Disability - Fully paid by
ABOUT MILLIMAN: Independent for over 75 years, Milliman delivers market-leading services and solutions to clients worldwide. Today, we are helping companies take on some of the world's most critical and complex issues, including retirement funding and healthcare financing, risk management and regulatory compliance, data analytics and business transformation. Milliman invests in skills training and career development and gives all employees access to a variety of learning and mentoring opportunities. Our growing number of Milliman Employee Resource Groups (ERGs) are employee-led communities that influence policy decisions, develop future leaders, and amplify the voices of their constituents. We encourage our employees to give back to their varied professions, including leadership in professional organizations. Please visit our web site (https://www.milliman.com/en/social-impact) to learn more about Milliman's commitments to our people, inclusion, and sustainability. Through a team of professionals ranging from actuaries to clinicians, technology specialists to plan administrators, we offer unparalleled expertise in employee benefits, investment consulting, healthcare, life insurance and financial services, and property and casualty insurance.

EQUAL OPPORTUNITY: All qualified applicants will receive consideration for employment, without regard to race, color, religion, sex, sexual orientation, national origin, disability, or status as a protected veteran.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.