Director of Information Security

Director of Information Security

MLMIC Insurance Company is based in New York state and has specialized in providing professional liability for NY physicians since 1975.  After operating independently and as a mutual insurance company for most of its existence, MLMIC was purchased by Berkshire Hathaway in the fall of 2018.

With home offices based in New York City, East Meadow, Syracuse, and Latham, but with staff now working remotely, we continue to be the largest writer of professional medical liability insurance in the State of New York. We insure physicians, dentists, hospitals, and long-term care facilities. We are currently seeking a Director of Information Security.  This role is integral in defining the fundamental principles for the protection of MLMIC information resources and the proper controls needed to ensure compliance with internal and external regulations, while supporting the business needs of the company.  We offer a competitive salary, commensurate with experience.

Position Description:

  • Oversee information security policies.
  • Determine security controls based on the level of risk associated with IT systems.
  • Provide strategic leadership while updating Information Security program.
  • Manage and improve information security while mitigating risk.
  • Partner with CIO to develop, implement and maintain information systems.
  • Ensure best practice control objectives achieving protection of information assets.
  • Guide senior leadership by making recommendations for priority projects to mitigate risk.
  • Strengthen defenses and reduce vulnerabilities for MLMIC’s information assets.

Primary Responsibilities:


  • Develop, manage, and improve a comprehensive information security risk-based program to ensure the integrity, confidentiality and availability of information assets.
  • Develop an IT security architecture roadmap that will identify security controls and identify and assess technologies that will enforce the organization’s security priorities.
  • Develop, maintain, and promote information security policies, standards and guidelines, ensuring that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
  • Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
  • Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings with collaboration of the compliance team members.
  • Manage and improve the process to manage vendor risk, including assessment and remediation efforts to address such risks that may result from partners, consultants and other service providers.
  • Provide strategic risk guidance and consultation for corporate IT projects, including the evaluation and recommendation of technical standards and controls.
  • Review and update the process for incident management to effectively identify, respond, contain and communicate a suspected or confirmed incident with the appropriate parties.
  • Identify, assess, and prioritize IT risks to corporate data and systems, including external threats, cyber-crimes, internal threats and third-party risks.
  • Coordinate the monitoring and regular testing of plans and procedures to ensure that business-critical services are recovered in the event of a security event, providing direction, support and in-house consulting in these areas.
  • Effectively manage an information security budget and monitor for variances.
  • Provide regular reporting on the current status of the information security program to the senior leadership team.


Required qualifications:


  • Bachelor’s degree in Information Security, Computer Science, Management of Information Systems or related field required. Master’s degree preferred.
  • Minimum of 8 years of experience in a combination of Risk Management, Information Security and Information Technology fields.
  • Minimum of 4 years of experience in a senior leadership role.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as NYS DFS, SOX, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines as they are updated by the Federal Government.
  • Knowledge of common information security management frameworks, such as NIST.
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
  • Exhibit excellent analytical skills, the ability to manage multiple, inter-disciplinary projects as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Project management skills: financial/budget management, scheduling and resource management.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision.


As a result of the current health crisis, our I.T. team is now working remotely.  Although the candidate would work remotely for an indefinite period, a geographic location in the New York metropolitan area would be a plus. To apply for this position, please apply online or submit your resume to Gabriella Alaimo, H.R. Generalist at

Job: Director of Information Security
Location: New York City