Insurance is a trillion-dollar market that is fundamental to society and touches every part of the economy, yet it has not modernized. Newfront is the modern insurance brokerage and we’re building the future of work for this antiquated industry. By combining world-class insurance expertise with modern technology, we've reimagined the insurance experience for clients.
Our vision is to de-risk human progress. Find out more about our values.
About the role
We are seeking an experienced and operationally-focused Director of Security and Compliance. This person will oversee the security of our applications, products, and data, while ensuring adherence to critical compliance frameworks such as SOC2 and HIPAA. Importantly, this person will be the main point of contact for security-related questions from Newfront clients and prospects.
You will report directly to the Chief Technology Officer and identify the cross-functional partners and outside resources needed to drive security and compliance across Newfront.
Key responsibilities:
- Lead application and product security efforts, including vulnerability monitoring, penetration testing, and red team exercises.
- Maintain and oversee compliance with industry standards such as SOC2, HIPAA, and ISO 27001.
- Ensure compliance alignment with evolving business needs, client requirements, and regulatory changes, including adopting additional certifications.
- Develop and manage processes for rapid response to security inquiries from prospects and clients during RFPs and the sales process, ensuring a tight SLA on requests.
- Collaborate with Engineering and DevOps teams to enhance cloud security for AWS and other environments.
- Oversee incident response efforts in coordination with external security partners, such as Arctic Wolf, to mitigate and resolve security threats.
- Establish and maintain a comprehensive security package for use in sales and client communications.
- Ensure effective endpoint security and asset management across corporate devices, including laptops and mobile devices. We’re currently using Kandji and Microsoft Intune.
- Manage governance, risk, and compliance (GRC) initiatives, ensuring internal and external adherence to best practices and frameworks.
- Collaborate cross-functionally to implement secure onboarding/offboarding processes, integrating with identity management systems like Okta.
- Stay current with emerging security threats and ensure continuous improvement in security operations and practices across the organization.
Minimum requirements:
- 5+ years of experience in application security, product security, and compliance management, with a strong operational focus.
- Proven experience with industry standards and compliance frameworks such as SOC2, HIPAA, ISO 27001, and NIST.
- Extensive track record overseeing a secure environment for storing confidential customer data and PII.
- Hands-on experience with compliance automation and managed security tools (e.g. Vanta, Arctic Wolf), penetration testing, and incident response processes.
- Strong understanding of cloud security, particularly in AWS.
- Familiarity with Okta for identity and access management.
- Excellent communication and collaboration skills, with the ability to respond quickly to security inquiries in high-pressure environments.
- Experience with data security and access control in an environment that leverages BPO (Business Process Outsourcing).