Massmutual
Overview Massachusetts Mutual Life Insurance Company (MassMutual) is seeking a dynamic and experienced leader to serve as Head of Cybersecurity Strategy & Operations. This role is a critical member of the cybersecurity leadership team, reporting directly to the CISO, and is responsible for leading the operational execution of the enterprise cybersecurity program. The successful candidate will oversee all aspects of cyber operations, governance, risk and compliance — including the Security Operations Center (SOC), threat intelligence, incident response, and vulnerability management — while also playing a pivotal role in shaping and executing the company’s cybersecurity strategy. This leader will act as a trusted delegate to the CISO, ensuring continuity of leadership and resilience across the cybersecurity function.
Candidates should take the time to read all the elements of this job advert carefully Please make your application promptly. Responsibilities
Lead MassMutual’s strategy to safeguard digital assets and sustain policyholder trust by driving proactive threat management, advanced data analytics, and disciplined risk management. Implement security controls and adapt them to address the evolving threat landscape to strengthen cyber resiliency while enabling the business. Own the global Security Operations Center (SOC), Threat Intelligence, Incident Response, and security operations platforms; orchestrate the operating model, metrics, and governance for a high-performing cyber program. Partner with ERM to integrate cyber risk into the enterprise risk framework and routinely engage executive leadership and the Board on posture, risk, and program maturity. Oversee the operating model for cyber operations, including first/second line interfaces, decision rights, runbooks, and service levels; ensure alignment with enterprise risk appetite and regulatory expectations. Security Operations (SOC) & Incident Readiness
Lead 24x7 global SOC operations (monitoring, detection, triage, response, recovery), integrated with Threat Intelligence and Incident Response; ensure modern detection engineering and threat-informed defense. Own cyber incident response: playbooks, tabletop exercises, and lessons learned; coordinate with cyber partner organizations and corporate communications on material events. Governance, Risk & Compliance
Integrate cyber risk programs and frameworks (e.g., NIST CSF, FAIR) with the enterprise risk framework; run or contribute to risk councils, steering committees, and regulatory/assurance routines. Drive cyber policies, standards, and control health; ensure readiness for regulators, auditors, customers, and partners; partner with ERM on material risk identification and reporting. Metrics, Reporting & Executive Engagement
Define and maintain KPIs/KRIs and board-level metrics that reflect risk reduction, operational performance, and program maturity; produce concise, decision-oriented reports for the CISO, ELT, and Board. Architecture, Engineering & Third Parties
Partner with Security Architecture/Engineering to ensure controls are designed for cloud and on-prem environments and are instrumented for measurable effectiveness. Oversee critical security platforms and vendors (SIEM, EDR, SOAR, threat intel, vulnerability/attack surface management); evaluate providers, negotiate outcomes, and ensure measurable value. Collaborate with Procurement/TPRM for third-party cyber risk management and incident coordination with key suppliers. Culture, Talent & Budget
Build and lead a high-performing, mission-driven team; set outcomes, develop leaders, design on-call/coverage models, and foster a culture of accountability, speed, and continuous improvement. Own budgets for SOC and operations, tying investments to risk reduction and performance outcomes. Champion security awareness and partnership across technology and the business. Qualifications
12–15+ years of progressive cybersecurity leadership in complex, regulated enterprises; proven accountability for SOC/IR, vulnerability management, and cyber operations. Demonstrated success shaping and executing cyber strategy and integrating cyber risk with enterprise risk frameworks; direct Board/ELT engagement experience. Depth in threat-informed defense, detection engineering, incident command, and large-scale operations. Bachelor’s degree in Information Security, Computer Science, or related field; advanced degree preferred. Relevant credentials (e.g., CISSP, CISM, CRISC) strongly preferred. Required Certifications
CISSP (Strongly Preferred), CISM, CRISC, GIAC certifications (e.g., GCIA, GCIH, GRID) for SOC/IR expertise, CISA for governance and compliance. Equal Opportunity MassMutual is an Equal Employment Opportunity employer. We welcome all persons to apply. If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need. MassMutual focuses on ensuring fair, equitable pay by providing competitive salaries, along with incentive and bonus opportunities for all employees. Your total compensation package includes a bonus target or a variable incentive component where applicable. For more information about our extensive benefits offerings please check out Total Rewards at a Glance.
#J-18808-Ljbffr
Candidates should take the time to read all the elements of this job advert carefully Please make your application promptly. Responsibilities
Lead MassMutual’s strategy to safeguard digital assets and sustain policyholder trust by driving proactive threat management, advanced data analytics, and disciplined risk management. Implement security controls and adapt them to address the evolving threat landscape to strengthen cyber resiliency while enabling the business. Own the global Security Operations Center (SOC), Threat Intelligence, Incident Response, and security operations platforms; orchestrate the operating model, metrics, and governance for a high-performing cyber program. Partner with ERM to integrate cyber risk into the enterprise risk framework and routinely engage executive leadership and the Board on posture, risk, and program maturity. Oversee the operating model for cyber operations, including first/second line interfaces, decision rights, runbooks, and service levels; ensure alignment with enterprise risk appetite and regulatory expectations. Security Operations (SOC) & Incident Readiness
Lead 24x7 global SOC operations (monitoring, detection, triage, response, recovery), integrated with Threat Intelligence and Incident Response; ensure modern detection engineering and threat-informed defense. Own cyber incident response: playbooks, tabletop exercises, and lessons learned; coordinate with cyber partner organizations and corporate communications on material events. Governance, Risk & Compliance
Integrate cyber risk programs and frameworks (e.g., NIST CSF, FAIR) with the enterprise risk framework; run or contribute to risk councils, steering committees, and regulatory/assurance routines. Drive cyber policies, standards, and control health; ensure readiness for regulators, auditors, customers, and partners; partner with ERM on material risk identification and reporting. Metrics, Reporting & Executive Engagement
Define and maintain KPIs/KRIs and board-level metrics that reflect risk reduction, operational performance, and program maturity; produce concise, decision-oriented reports for the CISO, ELT, and Board. Architecture, Engineering & Third Parties
Partner with Security Architecture/Engineering to ensure controls are designed for cloud and on-prem environments and are instrumented for measurable effectiveness. Oversee critical security platforms and vendors (SIEM, EDR, SOAR, threat intel, vulnerability/attack surface management); evaluate providers, negotiate outcomes, and ensure measurable value. Collaborate with Procurement/TPRM for third-party cyber risk management and incident coordination with key suppliers. Culture, Talent & Budget
Build and lead a high-performing, mission-driven team; set outcomes, develop leaders, design on-call/coverage models, and foster a culture of accountability, speed, and continuous improvement. Own budgets for SOC and operations, tying investments to risk reduction and performance outcomes. Champion security awareness and partnership across technology and the business. Qualifications
12–15+ years of progressive cybersecurity leadership in complex, regulated enterprises; proven accountability for SOC/IR, vulnerability management, and cyber operations. Demonstrated success shaping and executing cyber strategy and integrating cyber risk with enterprise risk frameworks; direct Board/ELT engagement experience. Depth in threat-informed defense, detection engineering, incident command, and large-scale operations. Bachelor’s degree in Information Security, Computer Science, or related field; advanced degree preferred. Relevant credentials (e.g., CISSP, CISM, CRISC) strongly preferred. Required Certifications
CISSP (Strongly Preferred), CISM, CRISC, GIAC certifications (e.g., GCIA, GCIH, GRID) for SOC/IR expertise, CISA for governance and compliance. Equal Opportunity MassMutual is an Equal Employment Opportunity employer. We welcome all persons to apply. If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need. MassMutual focuses on ensuring fair, equitable pay by providing competitive salaries, along with incentive and bonus opportunities for all employees. Your total compensation package includes a bonus target or a variable incentive component where applicable. For more information about our extensive benefits offerings please check out Total Rewards at a Glance.
#J-18808-Ljbffr