Director, Information & Technology Security

Highstreet Insurance Partners provided pay range

This range is provided by Highstreet Insurance Partners. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

$/hr - $/hr

Job Title: Director, Information & Technology Security
Location: Hybrid – Chicago
Salary: $160,000-$180,000 annually, eligible for annual bonus for meeting performance goals

Company Background: Highstreet Insurance Partners (Highstreet) is one of the fastest-growing insurance agencies in the U.S. Founded with the mindset of putting people first, Highstreet brings technical and industry experience together to serve and protect customers while providing its internal teams with the tools and resources to grow. We love to help people pursue life’s opportunities with tenacity and confidence to create stronger, more resilient communities.

We do it for all our futures.

Role Overview

The Director of Information & Technology Security is responsible for designing, executing, and operating the company’s security program across identity, endpoint, data, application, and network domains. This is a hands‑on leadership role focused on practical risk reduction, operational security, and scaling security across a growing, acquisition‑driven organization.

The Director will partner closely with Technology Operations, Infrastructure, and M&A teams to embed security into day‑to‑day operations and future‑state architecture.

The Director reports directly to the VP of Technology Operations and is accountable for execution, not theory.

Primary Objectives

• Reduce enterprise security risk through practical, enforceable controls
• Execute against the company’s multi‑year security roadmap
• Mature identity, endpoint, and data protection capabilities
• Operationalize detection, response, and monitoring
• Support secure growth through M&A and integration activity
• Improve visibility, consistency, and security posture without unnecessary friction

Key Responsibilities Identity Security & Access Control

• Own identity security strategy and execution across Entra  Microsoft 365
• Implement and maintain conditional access, MFA, and privileged identity management
• Establish baseline access standards and least‑privelege models
• Reduce identity‑based risk and credential abuse across the enterprise
• Partner with IT Operations on identity lifecycle management and access reviews

Endpoint, Device & M365 Security

• Oversee endpoint protection, device compliance, and EDR capabilities
• Partner with Intune and Device teams to enforce security baselines
• Improve detection and response through MDR and telemetry
• Reduce endpoint‑based attack surface and configuration drift
• Ensure security controls scale across acquired environments

Data Protection & Insider Risk

• Lead data loss prevention (DLP), insider risk, and sensitive data protection efforts
• Partner with IT and Legal on data classification and protection strategies
• Improve visibility into sensitive data usage and movement
• Reduce data exfiltration risk across cloud and endpoint environments
• Support investigations and response to insider‑related events

Application & Cloud Security

• Improve visibility into SaaS usage and shadow IT
• Partner with Technology teams on secure application access and posture
• Support future‑state cloud app security capabilities
• Ensure security controls align with business workflows, not disrupt them

Incident Response, Monitoring & Operations

• Own incident response planning and execution
• Partner with SOC / MDR providers to ensure effective detection and response
• Lead security investigations and post‑incident remediation
• Establish clear runbooks, escalation paths, and communication protocols
• Provide executive‑level visibility into incidents, risks, and remediation progress

M&A Security Support

• Support security diligence for acquisitions
• Assess security posture of acquired entities
• Partner with Technology Operations to prioritize remediation
• Drive security standardization post‑close without disrupting operations

Required Experience & Skills

• 6–10+ years in information or technology security roles
• Experience operating security in mid‑market or PE‑backed environments
• Strong background in:
  • Identity & Access Management (Entra  / Azure AD)
  • Endpoint security and EDR
  • Microsoft 365 security stack
  • Incident response and security operations
• Ability to balance security requirements with business realities
• Experience partnering with IT Operations, Infrastructure, and vendors
• Strong communication skills with both technical and non‑technical leaders

Benefits

• Employer Paid Life & AD&D
• Employer Paid Short- & Long‑term disability
• Paid Holidays
• 401k with employer match
• Health, Vision, and Dental insurance

Work Environment

• Hybrid Work work schedule in the Chicago, IL.

Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions of the position as described above.

Seniority level

• Director

Employment type

• Full‑time

Job function

• Information Technology
• Insurance

#J-18808-Ljbffr