Director of Cybersecurity & AI Risk

Summary: We are seeking a forward-thinking Director of Cybersecurity & AI Risk to protect and future-proof our technology operations. This role blends traditional cybersecurity leadership with emerging responsibilities in AI implementation, utilization, and risk governance. The ideal candidate will secure enterprise infrastructure, guide responsible AI adoption, and ensure compliance with evolving regulatory frameworks such as NIST CSF and NIST AI RMF.

Essential Duties and Responsibilities 

• Lead the design and implementation of network security architecture, including firewalls, IDS/IPS, AV software, cryptography systems, VPNs, and segmentation strategies to protect enterprise systems, including financial, underwriting, claims, and policy systems.
• Develop, implement, maintain, and oversee the enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry standards and best practices.
• Oversee risk assessments for both traditional IS systems and AI/ML models, identifying vulnerabilities such as data leakage, model drift, and adversarial threats.
• Provide leadership and mentoring to cybersecurity and other technology professionals, aligning team efforts with business priorities.
• Oversee the administration of end-user accounts, permissions, and access rights.
• Monitor and address issues found via server logs, firewall logs, intrusion detection/prevention logs, and network traffic for unusual or suspicious activity.
• Oversee the connection security for local area networks, SDWAN, Internet, Intranet sites, email communications, and secure file transfer mechanisms.
• Collaborate with business and IS teams to embed security and privacy controls into AI model development, deployment, and monitoring pipelines.
• Monitor security events and AI system behaviors using SIEM and model observability tools, and coordinate incident response across both domains.
• Design, coordinate, and/or oversee internal and external penetration testing to identify vulnerabilities and ensure appropriate remediation.
• Plan and execute Disaster Recovery & Business Continuity exercises, including tabletop activities and other preparedness best practices.
• Recommend, schedule, and apply security fixes, patches, disaster recovery procedures, and any other measures required in the event of a security breach.
• Ensure compliance with SEC and state-level insurance regulations, and identify and incorporate best practices and standards.
• Support internal audits, SOC audits, cyber insurance underwriting reviews, and regulatory inquiries with clear documentation and risk narratives.
• Interact and negotiate with vendors and other partners to obtain security and AI services.
• Develop and maintain documentation for enterprise cybersecurity and AI tools and processes.
• Work closely with the IS team to ensure optimal performance, security, and compliance of the enterprise infrastructure.

Supervisory Responsibilities: May be responsible for supervising one or more team members, depending on business needs.

Education and Experience: 

• 7+ years Information Systems experience, including 1-2 years experience in a leadership role, in a corporate environment, ideally in the Insurance or Financial Services industry. 
• Bachelor’s Degree required in Computer Science or Information Technology, ideally with a concentration in Information Security/Cybersecurity, AI/ML, or Network engineering.
• Master’s Degree preferred.

Required Knowledge and Skills: 

• Strong foundation in network security engineering and enterprise risk management.
• Experience with AI/ML systems in regulated environments is a strong plus.
• Proficiency with enterprise firewalls, endpoint protection, and cloud security platforms (Google/Azure/AWS).
• Familiarity with NIST CSF 2.0 and NIST AI RMF, certification preferred.
• CISSP, CISM, or equivalent certification preferred.
• Strong communication skills, with the ability to translate technical and AI-related risks into business terms.

Physical Requirements: 

• Able to work in a typical office setting where the employee may occasionally lift and/or move up to 10 pounds.
• The noise level in the work environment is usually moderate.
• Occasional travel required (< 10%)

Work Environment: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 

Nodak Insurance Company complies fully with all federal, state, and local employment laws and shall provide equal employment and advancement opportunities for all persons regardless of race, color, creed, religion, national origin, sex, sexual orientation, age, the presence of any mental or physical disability, status with regard to public assistance or marriage, or any other category protected by local, state or federal law.