Security & Compliance Director

Rotterdam

Permanent (full time)

Come and join us to shape the future of the insurance industry!

SCOR Digital Solutions is a global insurance consultancy helping insurers worldwide to grow sustainably. A critical part of the SCOR Group, we are specialised in developing industry-leading digital solutions for every part of the consumer journey, from underwriting, to engagement, to claims. By combining SCOR’s comprehensive data and analytical expertise with the award-winning capabilities of our in-house product and technical teams, our solutions are helping insurers to transform the experience of their consumers worldwide. 

Roles & Responsibilities

SCOR Digital Solutions is hiring a Security & Compliance Director to lead its global cybersecurity and compliance program. This strategic role ensures secure-by-design practices across digital products in APAC, EMEA, and the Americas. The director will align with SCOR Group standards, manage certifications (ISO 27001, SOC 2, etc.), and lead a multidisciplinary team of Compliance Officers, Security Admins, and DevSecOps specialists.

Key Responsibilities

1. Security Strategy & Governance

  • Define and execute a global security and compliance strategy aligned with SCOR’s risk appetite.
  • Ensure adherence to frameworks like ISO 27001, NIST CSF, and CIS controls.
  • Lead risk assessments and report on posture and mitigation to executive leadership.

2. Secure Development & DevSecOps

  • Embed security into the SDLC, including threat modeling, code reviews, and penetration testing.
  • Implement DevSecOps pipelines with automated security checks and developer training.
  • Oversee application security assessments and secure coding practices (e.g., OWASP Top 10).

3. Cloud & Infrastructure Security

  • Secure multi-cloud environments (AWS, Azure, GCP, Alibaba Cloud) with best practices in IAM, encryption, and monitoring.
  • Implement Zero Trust and SASE architectures, manage firewalls, IDS/IPS, and endpoint protection.
  • Lead security architecture reviews and adopt innovative technologies (e.g., AI-driven analytics).

4. Security Operations & Incident Response

  • Establish and manage a Security Operations Center (SOC) with tools like Microsoft Sentinel.
  • Lead threat intelligence, incident response, and vulnerability management programs.
  • Serve as incident commander for major breaches and ensure timely resolution and reporting.

5. Compliance & Certifications

  • Maintain ISO/IEC 27001, ISO/IEC 27018, and SOC 2 Type 2 certifications.
  • Develop and enforce internal policies for data protection, AI usage, and secure coding.
  • Ensure compliance with GDPR, NIS2, and other regional regulations; lead internal audits.

6. Client Security Engagement

  • Act as the primary contact for client security audits, RFPs, and due diligence.
  • Review and negotiate security terms in contracts and ensure obligations are met.
  • Communicate transparently during incidents affecting client data.

7. Leadership & Collaboration

  • Lead and mentor a global team of security professionals.
  • Collaborate with Engineering, DevOps, Legal, and Executive teams to embed security into business processes.
  • Manage security budgets, vendors, and third-party risk.

Required skills & experience

Education & Certifications

  • Bachelor’s or Master’s in Computer Science, Cybersecurity, or related field.
  • Preferred certifications: CISSP, CISM, CISA, ISO 27001 Lead Auditor, CRISC, cloud security credentials.

Experience

  • 8+ years in information security, 3+ in leadership roles.
  • Proven success in global environments and achieving compliance certifications.
  • Hands-on experience in SOC operations, secure development, and SaaS/cloud security.
  • Strong client-facing communication and audit readiness.

Technical Expertise

  • Secure SDLC, DevSecOps, and vulnerability management.
  • Cloud security (AWS, Azure, GCP), network security (SASE, Zero Trust), and data protection.
  • Familiarity with SIEM, EDR/XDR, IAM, DLP, and Microsoft Defender/Purview.
  • Knowledge of compliance frameworks (ISO, SOC 2, NIST, COBIT) and AI/ML security.

Soft Skills

  • Strong leadership, communication, and strategic thinking.
  • Ability to influence cross-functional teams and drive a security-first culture.
  • High integrity, adaptability, and accountability in a fast-paced, regulated environment.

What we offer

  • Be part of an international culture with Tech specialists.
  • Medical Allowance and pension plans.
  • Remuneration Policy.
  • Green Policy.
  • Evolve in a stimulating and challenging environment.
  • Share and learn with a passionate international community.
  • Evolve in a start-up mentality.

The company working language is English. All employees should speak, read and write English to a sufficient level in order to communicate and operate effectively in the organization.

The recruitment process

You can expect the following stages:

1. Screening interview with HR (online)
2. Interview with the hiring team & manager (online or in-person)
3. Written test or case study

If you feel you have something unique to bring, make your case by getting in touch. We’d love to hear from you.

Please make sure the attachment you send us is no larger than 2 MB and is in .pdf or .doc format.

We protect your personal data in accordance with GDPR. You have the right to view, change, delete, or contest any of your personal data processed by us. Check your rights in the SCOR Digital Solutions privacy policy for more information. By submitting this application, you agree to our policy for handling candidate data...