Chief Information Security Officer (CISO)

Title: Chief Information Security Officer (CISO ) Location: Austin, TX / Morristown, NJ (hybrid) Reports To: Chief Technology Officer About Hippo: Hippo exists to protect the joy of homeownership. We believe that insurance should protect the things you treasure through an intuitive, modern experience. We provide tailored insurance coverage and preventative maintenance plans that keep you protected throughout your homeowner journey. We’ll also help you find coverage for everything life brings—from auto to flood—reimagining how you care for your home. About the Role: Hippo is hiring a Chief Information Security Officer to lead cybersecurity strategy, security operations, and governance, risk, and compliance across the enterprise. You will be responsible for protecting Hippo's systems, data, and customers against an evolving threat landscape while ensuring the company meets its regulatory and compliance obligations as a publicly traded, multi-state insurance carrier. This role owns Hippo's SOC 2 program, leads security operations, and drives compliance with applicable state and federal cybersecurity regulations. You will also own identity governance, privacy and data protection strategy, and third-party risk management. This is a high-visibility leadership role that requires equal fluency in security engineering, regulatory compliance, and executive communication. About You: You are a seasoned cybersecurity leader who has built and run security programs at a publicly traded, regulated company. You have navigated regulatory examinations and SOX audit cycles, and you can move seamlessly between a technical incident response scenario and a board presentation. You think in terms of risk, you quantify what you can, and you communicate what you can't with intellectual honesty. You bring a builder's mindset to security. You understand that a great security program enables the business rather than slowing it down, and you know how to embed security into engineering culture without creating friction. Whether your background is in Insurtech, fintech, healthcare, or another heavily regulated sector, you understand multi-regulator environments and lead with clarity and high standards. What You'll Do: Further develop and execute Hippo's enterprise cybersecurity strategy, aligned with business risk appetite and regulatory requirements Build and lead the security operations function, including threat detection, incident response, vulnerability management, and threat intelligence Own Hippo's SOC 2 program end-to-end, including control design, evidence collection, readiness assessments, and auditor engagement Lead the governance, risk, and compliance function, maintaining the cybersecurity risk register, policy framework, standards, and control library Drive compliance with applicable state and federal cybersecurity and insurance regulations Support SEC cybersecurity disclosure obligations in coordination with Legal and Finance Lead identity governance, including access certification, privileged access management policy, and separation of duties enforcement Own privacy and data protection compliance strategy, partnering with Legal on data handling, breach notification, and policyholder data protection Manage the third-party and vendor cybersecurity risk management program Report to the Board of Directors and Audit and Risk Committee on cybersecurity posture, risk trends, and incident activity Provide second-line oversight and security control design input to the SOX ITGC program Build and lead the security engineering function, owning secure design standards and threat modeling practices that ensure security is embedded from architecture through to deployment Build, mentor, and develop the cybersecurity team and drive a culture of security awareness across the organization Lead cybersecurity budgeting, roadmap planning, and technology rationalization Own disaster recovery and business continuity planning across the ... (truncated, view full listing at source)