SelectQuote Insurance Services

SVP, IT Security & GRC

Job ID: 2025-5911
# of Openings: 1
Job Locations: US-KS-Overland Park
Posted Date: 10/7/2025 1:59 PM

About Us

More than 35 years ago, SelectQuote was founded on one core promise: to help our customers protect the people they value most. We pioneered the way consumers shopped for term life insurance, and now, we also help people find home insurance, auto insurance, senior health insurance and more. Our quick and easy process saves consumers both time and money, and today, more than 2 million families trust us to help them with their insurance needs.
 
But what truly sets us apart is our people, and the opportunities to grow your career with SelectQuote are unmatched.

About the Role

The Senior Vice President, IT Security & Governance, Risk, and Compliance (GRC) is a key executive leadership role responsible for the design, execution, and continuous maturity of the enterprise-wide Information Security and Data Protection program. This leader reports directly to the head of IT and serves as the principal executive authority for all Information Technology General Controls (ITGCs) and their adherence to stringent regulatory and compliance mandates, including SOX, SOC, and HITRUST.

 

This strategic position requires a deep fusion of technical mastery and executive engagement. The SVP acts as the primary conduit to the Board of Directors (BOD) and the Audit Committee, advising them on the organization's cyber risk posture and security investments. The SVP is charged with ensuring the protection of all corporate and customer data assets while maintaining the highest level of regulatory compliance.

 

Supervisory Responsibilities:

  • This position has direct supervisory responsibilities.

 

Essential Duties and Responsibilities:

The SVP, IT Security & GRC is accountable for the following strategic and operational functions:

 

1. Strategic Leadership and Program Oversight

  • Develop and champion a visionary Information Security and Cyber Resilience strategy that is seamlessly aligned with the long-term business objectives and risk appetite of the organization.
  • Provide strategic direction and oversight for Security Architecture and Engineering, ensuring the design and implementation of security controls and infrastructure aligns with policy, risk appetite, and threat posture.
  • Lead and manage the Security Operations, GRC, and Security Policy teams, ensuring a proactive defense posture against emerging threats.
  • Establish and enforce a robust set of security policies, standards, and procedures, fostering a security-first culture across all business units.
  • Define, track, and report on Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure program effectiveness and communicate the security landscape to executive stakeholders.

2. Governance, Risk, and Compliance (GRC) Executive Function

  • Serve as the Executive Sponsor for all IT General Controls (ITGCs), ensuring their effective design, implementation, and rigorous testing across all technology environments.
  • Own the full lifecycle of compliance and assurance programs, specifically driving successful external audits for Sarbanes-Oxley (SOX), SOC reports, and maintaining continuous certification with standards such as HITRUST.
  • Establish, manage, and enforce a Corrective Action Preventive Action (CAPA) process to address and remediate all audit findings, security deficiencies, and compliance gaps effectively and on schedule.
  • Direct the Enterprise Risk Management program for IT, identifying, quantifying, and mitigating cyber and technology risks through a structured and business-aligned methodology.
  • Govern and provide strategic review of the Incident Response, Business Continuity, and Disaster Recovery programs, validating their alignment with regulatory requirements, organizational policies, and conducting executive-level crisis simulation exercises.
  • Oversee all third-party and supply chain risk management, conducting continuous security due diligence to protect the organization from external vulnerabilities.

3. Board and Executive Engagement

  • Act as the primary interface and presenter to the Board of Directors and Audit Committee, communicating security risks in financial and business context, and advocating for necessary strategic investments.
  • Partner with the head of IT and C-suite to embed security into all major corporate initiatives, digital transformations, and technology governance decisions.
  • Cultivate cross-functional collaboration between IT, Legal, Internal Audit, Compliance, and business units to ensure a unified approach to risk and compliance.

Skills/Abilities:

  • Executive Leadership: Demonstrated ability to lead, inspire, and manage high-performing IT Security and GRC teams in a complex, corporate environment.
  • GRC Expertise: Deep, practical knowledge of industry security frameworks (e.g., NIST, ISO 27001) and complex regulatory compliance mandates (SOX, SOC, HITRUST).
  • Technical Acumen: Strong technical foundation in security operations, cloud security, network security, and security architecture to effectively direct and govern technical teams.
  • Strategic Communication: Exceptional ability to communicate security, risk, and compliance concepts to technical staff, non-technical business leaders, and the Board of Directors in a clear, concise, and business-relevant manner.
  • Risk Quantification: Proven skill in assessing, quantifying, and translating cyber risk into tangible business impact and financial terms for senior leadership decision-making.
  • Operational Execution: Strong project management, change management, and operational execution skills necessary to drive large-scale security and compliance initiatives to completion.

 

Education and Experience:

  • Bachelor’s degree in Computer Science, Information Security, or a related field (Master’s degree or higher strongly preferred).
  • 15+ years of progressive experience in Information Security, Technology Risk, or related executive leadership roles.
  • Proven track record of successfully developing and leading a security organization, including the implementation of effective security controls and driving major compliance initiatives (e.g., SOX, SOC, HITRUST).
  • Demonstrated experience in managing security within a complex, regulated environment.

 

Certificates/Licenses/Registration

  • Relevant professional certifications such as CISSP, CISM, CISA, or CRISC are required.

 
Financial Responsibilities (budget, revenue):

  • This position has budget responsibility, authority and/or level of control.

 

Physical Requirements:

  • Work is performed indoors with potential for exposure to safety and health hazards related to office work. Could periodically travel to other office and operational sites. The noise level in the work environment is usually moderate.
  • Prolonged periods of sitting at a desk and working on a computer. 

 

SelectQuote Core Values:

Service: We create positive customer experiences. 

Entrepreneurship: We create, innovate & take risks.

Leadership: We build & invest in high-performing teams. 

Empowerment: We embrace a changing environment. 

Courage: We challenge the status quo & drive continuous improvement.

Teamwork: We help support & celebrate each other.

 

Disclaimer: The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required.
