Company Details
"Thoughtful Minds | Empowering Possibilities"W. R. Berkley Corporation is comprised of 60+ businesses alongside Berkley Technology Services (BTS) and other shared services groups.Here at Berkley Technology Services, the core of our success is our people. Our teams bring their own unique perspective and experiences which enables us to translate the needs of our business to deliver adaptable, secure solutions while providing an unmatched user-focused experience.Our tagline "Thoughtful Minds | Empowering Possibilities" was crafted with our own teams in mind. At BTS, our teams thrive in Berkley's decentralized model - leveraging the power of being part of a long standing, heritage brand with extensive expertise while innovation and being entrepreneurial is encouraged.Internally, we operate as a relatively flat organization valuing communication and feedback. We pride ourselves in an open-door policy where no one is treated differently based on title, fostering a culture of trust, transparency, and engagement.Mission (what we stand for): We believe in the value of every voice, translate needs into capabilities, and secure the future of Berkley.Vision (where we're going): Be the foundation of Berkley through adaptable solutions, resilient environments, and an unmatched experience.Come join us as we push forward into the future of industry leading technological solutions.
The Company is an equal employment opportunity employer.
Responsibilities
The SVP, Head of Security Technology, leads the modernization and delivery of the enterprise's core cybersecurity technology capabilities through an AI-enabled, automation-first, engineering-led model. This role reports to the CISO.
This role is accountable for evolving and integrating:
Security Architecture
Security Engineering
Identity and Access Management (IAM)
Continuous Threat and Exposure Management (CTEM)
The position transforms legacy, siloed security functions (e.g., vulnerability management, attack surface management, application security) into a scalable, intelligence-driven security ecosystem that:
Reduces enterprise risk through engineering and automation
Embeds security into enterprise architecture and technology platforms
Strengthens identity lifecycle governance and compliance
Enables continuous, risk-based exposure management
Improves efficiency, control effectiveness, and compliance readiness
Drives alignment between cybersecurity capabilities and business risk priorities, ensuring security investments directly support enterprise resilience, customer trust, and growth objectives
Responsibilities
Report to the CISO and lead the strategic execution across a team of security directors, managers, architects, engineers and analysts across multiple security technology disciplines.
Security Architecture
Define enterprise security architecture strategy, standards, and roadmaps
Embed secure-by-design principles across cloud, applications, data, and AI
Establish reusable design patterns and reduce exception-based approvals
Integrate security into transformation and modernization efforts
Lead Zero Trust security architecture strategy and adoption across identity, network, application, and data layers
Establish reference architectures for multi-cloud and hybrid environments, including CNAPP, CIEM, and data protection controls
Security Engineering
Lead engineering and lifecycle management of security platforms and controls
Establish automation-first operations (API, orchestration, policy-as-code)
Standardize tooling and reduce manual processes through automation
Improve platform resilience, telemetry, and service performance
Transition to a product and platform-based security engineering model with defined service ownership, SLAs, and performance metrics
Drive rationalization of security tools and vendors to reduce cost and complexity while improving capability coverage
Identity and Access Management (IAM) - User Administrative Lifecycle Scope
Lead and own overarching IAM strategy and lifecycle governance, including:
Provisioning (joiners), Access changes (movers), De-provisioning (leavers)
Enhance user access reviews and certifications
Implement, enhance and automate segregation of duties (SoD) monitoring and governance
Design and implement role and entitlement management capabilities
Enable access-related compliance and audit readiness in preparation for continuous control monitoring and assessment in alignment with Governance Risk and Control Function
Ensure least privilege, timely access removal, and reduction of orphaned accounts
Integrate IAM with HR, applications, and enterprise platforms
Enhance privileged access management and management of non-human identities in preparation for advanced agentic AI capabilities
Advance privileged access, machine identity, and non-human identity security in support of automation, cloud, and AI use cases
Implement identity-centric Zero Trust controls and continuous authentication models
Continuous Threat and Exposure Management (CTEM)
Transform vulnerability, attack surface, and application security into a unified CTEM function
Implement continuous, threat-informed prioritization of exposures
Align findings to asset criticality and business risk
Improve remediation effectiveness and reduce exploitable attack paths
Enhance asset visibility, ownership clarity, and dependency mapping
Partner with Security Operations and Security Incident and Response functions to coordinate a unified approach across teams
Establish attack path analysis and exploitability-based risk prioritization to reduce material exposure
Define measurable outcomes such as reduction in attack surface, time-to-remediation, and control effectiveness
AI and Automation Enablement
Deploy AI and analytics to improve prioritization and decision-making
Automate repetitive security processes and control validation
Enhance reporting, telemetry, and audit evidence generation
Partner with Head of Security AI to establish secure AI lifecycle practices, including model governance, data protection, prompt security, and third-party AI risk management
Partner with Head of Security Operations to leverage AI to enhance threat detection, anomaly identification, and predictive risk analytics
DevSecOps and Secure Development
Embed security into the software development lifecycle (SDLC), CI/CD pipelines, and developer workflows
Partner with engineering teams to implement scalable DevSecOps practices and developer-friendly security tooling
Operating Model, Leadership and Other Requirements
Establish a global operating model with clear accountability, service ownership, and capability maturity roadmaps
Develop business cases tied to measurable risk reduction, operational efficiency, and cost optimization
Partner with executive leadership and provide board-level reporting on security posture, risk trends, and investment impact
Technology first leader with very strong interpersonal skills with demonstrated ability to build and maintain strong relationships and partnerships vertically and horizontally across a mix of business, technology, legal, HR, risk and audit leaders and practitioners
Establish a product- and platform-based security technology operating model
Define core requirements that evidence demonstrable risk reduction and can be measured using KPIs/KRIs in conjunction with the metrics and analytics program
Drive roadmap, investment prioritization, and tool rationalization
Drive budgetary discipline through management of finances, including the build of defendable business cases
Lead and develop high-performing, multi-disciplinary teams in a positive and respectful capacity leading to high engagement across all disciplines
Organically improve the security posture of the organization by ensuring the incorporation of secure principles into every phase of the design, development, deployment, and operation of systems and solutions
Assess current environment and design a target state architecture with all accompanying diagrams and documentation as required by architecture teams
Provide top-level support as needed on security and operational related issues
Represent information security interests on various project teams and special assignments as directed
Active in a continuous improvement of the existing process, methodologies, technologies and practices
Provide top-level on-call support as required for this type of role, which is factored into the compensation for this role
Resilience and Risk Integration
Partner with Security Operations and Incident Response to improve cyber resilience, recovery readiness, and crisis response integration
Ensure alignment with enterprise risk management and regulatory expectations through continuous control monitoring
Qualifications
- 15+ years’ experience in a cybersecurity role with at least 5 as head of senior most security architect
- Previous and progressive experience in a technical security leadership position.
- Demonstrated experience modernizing security organizations (tool consolidation, automation, operating model redesign)
- Strong expertise in cloud-native security, Zero Trust, IAM, and CTEM practices
- Experience integrating cybersecurity with AI/ML technologies and governance frameworks
- Strong strategic thinking and decision-making capabilities
- Experience managing budgets, vendors, and large-scale programs
- Track record of delivering measurable improvements in risk reduction, efficiency, and security posture
- Disciplined thinker with structured approach to security architecture and strategic planning
- Inherent intellectual capability and curiosity to learn complex processes.
- Proven thought leadership, strategic thinking and decision-making.
- Must have strong analytical and problem-solving skills with the capability to identify solutions to unusual and complex problems.
- CISSP certification is strongly preferred
- Direct security related AI, networking, infrastructure, cloud, operating system, development, cloud, database experience is required
- Must be able to demonstrate proficiency in a wide range of security technologies, embedded security, and network platforms – in a global institution
- Ability to balance multiple priorities in high pressure situations
- Project, portfolio and resource management experience is required
- Must be willing to travel (Domestic and International) as required, but not to exceed 30-40%
Education Requirement:
Bachelors Degree in Computer Science, Information Technology, Information Systems, or a related discipline. Equivalent experience and/or alternative qualifications will be considered.