Trupanion is a leading provider of medical insurance for cats and dogs in North America. Our mission is to help loving, responsible pet owners budget and care for their pets. Trupanion offers a collaborative, casual, and pet-friendly environment where everyone is encouraged to be themselves.
Job DescriptionWe are seeking a highly experienced and visionary Chief Information Security Officer (CISO) to lead our organization's cybersecurity strategy and protect our digital assets, sensitive data, and information systems. The CISO will oversee the development, implementation, and management of comprehensive security programs and ensure compliance with regulatory requirements. This IT leadership role requires a strategic thinker, strong leadership skills, and technical expertise in cybersecurity practices.
This position is open to candidates in the Seattle area. You will have a hybrid remote/in-office schedule, working from our casual, pet-friendly office at least three days a week.
Key Responsibilities:
Strategic Leadership
Collaborate with CIO to develop and execute a robust enterprise-wide cybersecurity strategy. Align security initiatives with business objectives, ensuring risk mitigation without hindering innovation or operations. Provide expert guidance to the IT leadership team on current and emerging cybersecurity threats and best practices.Risk Management
Identify, evaluate, and mitigate cybersecurity risks through proactive measures and incident response planning. Oversee periodic risk assessments, audits, and penetration tests to maintain a strong security posture. Implement and maintain cybersecurity frameworks, such as NIST, ISO 27001, or similar.Operational Oversight
Lead the design, deployment, and management of security architecture, policies, and procedures. Monitor and respond to security breaches, cyber incidents, and vulnerabilities. Establish and oversee the Security Operations Center (SOC) and incident response teams. Compliance and Governance Ensure compliance with applicable laws, regulations, and industry standards (e.g., GDPR, NYDFS, PCI DSS, OSHI, SOX). Develop and enforce security policies, standards, and guidelines across the organization. Work closely with legal, compliance, and 3rd party audit teams to address regulatory requirements. Collaboration and Communication Build and maintain relationships with internal stakeholders, including IT, HR, and legal departments. Engage with external partners, such as vendors, insurance agencies, government agencies, and industry groups, to enhance the organization's security framework. Deliver clear and actionable reports on cybersecurity performance and risks to the board of directors and executive management.Team Leadership
Build appropriate org structure and recruit, mentor, and manage a high-performing cybersecurity team. Foster a culture of security awareness and continuous improvement throughout the organization.Qualifications & Experience:
Education and Experience
Bachelor’s or Master’s Degree in Computer Science, Information Security, or a related field. 10+ years of progressive experience in cybersecurity, including leadership. Certifications such as CISSP, CISM, CISA, or equivalent are preferred.Technical Expertise
In-depth knowledge of cybersecurity technologies, tools, and trends. Experience with cloud security, endpoint protection, threat intelligence, and security analytics. Proficiency in developing and managing security budgets and resource allocation.Leadership and Communication
Proven ability to lead cross-functional teams and drive strategic initiatives. Excellent communication and presentation skills, with the ability to convey complex security concepts to non-technical audiences. Strong decision-making, problem-solving, and crisis-management skills.Core Competencies & Skills:
Strategic Thinking and Vision
Ability to develop and execute a long-term cybersecurity strategy aligned with business goals. Awareness of emerging trends, threats, and technologies to future-proof the organization.Risk Management Expertise
Proficient in identifying, assessing, and mitigating risks across the enterprise. Skilled in implementing risk management frameworks (e.g., NIST, ISO 27001). Strong understanding of business impact analysis and prioritization of risk response.Technical Proficiency
Deep understanding of cybersecurity tools, technologies, and practices, including: Network security Endpoint protection Cloud security Threat intelligence Security Information and Event Management (SIEM) systems Hands-on experience with incident response, vulnerability management, and forensics.Leadership and Team Development
Strong leadership skills to inspire and manage cybersecurity teams. Experience in recruiting, mentoring, and retaining top talent in the cybersecurity field. Ability to foster a culture of security awareness across the organization.Regulatory and Compliance Knowledge
Expertise in global and industry-specific compliance requirements, such as: GDPR, NYDFS, OSHI, PCI DSS, SOX Ability to navigate audits and maintain compliance with cybersecurity laws and regulations.Communication and Stakeholder Management
Strong written and verbal communication skills to articulate complex security issues to non-technical audiences. Proficiency in preparing and presenting security updates and risk assessments to the board of directors and C-suite executives. Skilled in collaborating with cross-functional teams and external stakeholders.Incident Response and Crisis Management
Expertise in managing security breaches and developing robust incident response plans. Strong decision-making skills under pressure to minimize damage and ensure swift recovery.Financial Acumen
Ability to develop and manage a cybersecurity budget effectively. Understanding of cost-benefit analysis for security investments and resource allocation.Analytical and Problem-Solving Skills
Proficiency in analyzing large volumes of data to identify potential security issues. Creative problem-solving to develop innovative and effective solutions to complex security challenges.Collaboration and Influence
Adept at building relationships with internal and external stakeholders. Ability to find win-win solutions that balance security needs without stifling innovation or negatively impacting customer experience. Ability to influence organizational culture to prioritize cybersecurity.Ethical Judgment and Integrity
High ethical standards in handling sensitive information and making decisions. Commitment to transparency and accountability in security practices.Compensation:
The pay range for this position is $200-$250K, on a full-time schedule. Along with base salary, Trupanion employees may be eligible for monthly bonuses. We want all employees to be invested in Trupanion’s success, so we grant Restricted Stock Units to all new team members. Our new hire grants vest over 4 years.Additional Information
All your information will be kept confidential according to EEO guidelines.
Benefits and Perks:
Full medical, dental, and vision benefits at no cost to the employeeFour weeks of paid time off and 9 paid float holidays (you can decide which days are most important to you!)Five-week sabbatical after five years of employmentOpen, casual, pet-friendly, and fun office environmentFree medical health insurance for your pet (1 dog or cat)Paid time off to volunteer at nonprofit organizationsSeattle Office Amenities: Free on-site gym, free dog walking services for office pets during business hours, free parking, and paid ORCA cards.For more information about Trupanion, visit https://trupanion.com/about
Learn more about how Trupanion has revolutionized our industry and the reimbursement model: https://www.youtube.com/watch?v=vdWZ4KHiPTQ
Trupanion is an equal-opportunity employer and embraces diversity. We are committed to building a team that represents a variety of backgrounds, abilities, perspectives, and skills.
We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. Please contact us to request accommodations.