Director Associate Information Security
Overview:
Join an amazing team that is consistently recognized for our achievements and culture, including our most recent Forbes award of being one of America's Best Midsize Employers for 2026! We are seeking a Associate Director, DevSecOps Security Operations Center (SOC). This role will lead our information security monitoring and response posture through 24x7x365 monitoring, detection, and response. You will drive our DevSecOps Security Operations Center β built on low-false-positive alerting, automated response, and AI β to the next level of maturity.The ideal candidate is experienced with anticipating threats, enhance advanced prevention capabilities, and leverage deep expertise in data, tooling, integrations, and team development to stay ahead of evolving risks. This role requires a strong people leader that also has experience leading Managed Security Service Providers (MSSP), Managed Data Detection & Response (MDDR), and Endpoint Detection & Response (EDR) teams. You will lead your security services using a distributed model under consolidated leadership (YOU).If you work and think at this next level of security leadership, we want to hear from you.
Geo-Salary Information:
An in-person interview may be required during the hiring process State specific pay scales for this role are as follows:$118,078 to $330,661 (CA, NJ, NY, WA, HI, AK, MD, CT, RI, MA)$118,078 to $330,661 (NV, OR, AZ, CO, WY, TX, ND, MN, MO, IL, WI, FL, GA, MI, OH, VA, PA, DE, VT, NH, ME)$118,078 to $330,661 (UT, ID, MT, NM, SD, NE, KS, OK, IA, AR, LA, MS, AL, TN, KY, IN, SC, NC, WV)The expected base salary for this position will vary depending on a number of factors, including relevant experience, skills and location.
Responsibilities:
Essential Job Functions:The essential function of this position is to be accountable as an information security architect for supporting the information security program within IT and business initiatives.Management and leadership of Information Security personnel.Provide Information Security subject matter expertise and security consulting to IT projects and initiatives using information security standards, best practices and approaches, with an emphasis on application security.Develop Information Security requirements across the enterprise for data protection, network protection, and application protection and compliance with regulatory requirements for protection of information.Conduct threat analysis for systems or applications including analysis of current and known security exposures, planning for remediation of exposures, staged and planned penetration testing, vulnerability assessment and analysis of results.Conduct research on best practices, emerging technologies and threats as it relates to Information Security.Act as subject matter expert on security related control testing, control remediation and incident response.Other functions that may be assigned
Qualifications:
Education:Bachelor of Science Degree in Information Technology or equivalent professional experience.CISSP certification or equivalent is highly desirable.SANS certifications or equivalent are desirable.CISA or additional security certifications are desirable.Experience:Minimum:22 - 25+ years of work experience in multiple fields of Information Technology with an emphasis on Information Security.12+ years of this experience, directly in the Information Security field.5+ years experience in a leadership/management role directly leading people. Preferred: Available to be on-call in support of leading a 24x7x365 SOC environment.Working experience with Intrusion Detection, Firewall Monitoring, System Monitoring.Working experience and ability to conduct application / system Penetration Testing / OWASP using industry standard tools.Extensive knowledge of Security Policy, Standards, Guidelines, and Process Development.Detailed knowledge of secure architectures and their design.Knowledge and Skills:Experience in an Commander role in security Incident Response processes.Detailed knowledge of web application development (Java, .Net, Secure configurations).Working experience collaborating with development teams to understand and remediate application security vulnerabilities.Working experience and ability to conduct network vulnerability testing and remediation.Working experience and ability to conduct Threat Analysis.Strong knowledge of Virus, Worms and Other Malware (Prevention/Detection) and Incident Response.Strong knowledge of Encryption / Tokenization / Key Management.Strong knowledge of access control technologies.Excellent knowledge of Operating systems and platforms (UNIX, Windows, Virtualization, etc.).Working knowledge of network security (Routing, switching, TCP/IP, DNS, Architecture, WLAN).Working knowledge of state privacy laws and the PCI DSS. Ability to work with all levels of personnel within the IT department and departments external to IT, in a dynamic and challenging environment.Must consistently maintain a professional demeanor/attitude with all levels of management, employees, customers, and vendors to accomplish organizational goals; take action that respects the needs and contributions of others; take responsibility for actively participating and contributing to team efforts; acts as team facilitator when appropriate.Ability to communicate complicated concepts to both management and technical staff and thrive in a cross-functional matrix environment.Must be self-motivated and capable of working with minimal supervision and/or direction, and proactively manages their own workload.Must be accountable and take direction from supervisor, follow work rules, and keep required work schedules, which include regular and predictable job attendance.Well-balanced interpersonal skills are required.Knowledge of security technologies and their alignment into compliance controls.
About the Company:
Why choose a career at Mercury?At Mercury, we have been guided by our purpose to help people reduce risk and overcome unexpected events for more than 60 years. We are one team with a common goal to help others. Everyone needs insurance and we canβt imagine a world without it.Our team will encourage you to grow, make time to have fun, and work together to make great things happen. We embrace the strengths and values of each team member. We believe in having diverse perspectives where everyone is included, to serve customers from all walks of life.We care about our people, and we mean it. We reward our talented professionals with a competitive salary, bonus potential, and a variety of benefits to help our team members reach their health, retirement, and professional goals. Learn more about us here: https://www.mercuryinsurance.com/about/careers
Perks and Benefits:
We offer many great benefits, including:Competitive compensationFlexibility to work from anywhere in the United States for most positionsPaid time off (vacation time, sick time, 9 paid Company holidays, volunteer hours)Incentive bonus programs (potential for holiday bonus, referral bonus, and performance-based bonus)Medical, dental, vision, life, and pet insurance401 (k) retirement savings plan with company matchEngaging work environmentPromotional opportunitiesEducation assistanceProfessional and personal development opportunitiesCompany recognition programHealth and wellbeing resources, including free mental wellbeing therapy/coaching sessions, child and eldercare resources, and moreMercury Insurance is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by federal, state, or local law.
Pay Range:
USD $107,344.71 - USD $300,603.92 /Yr.
Apply Now
Join an amazing team that is consistently recognized for our achievements and culture, including our most recent Forbes award of being one of America's Best Midsize Employers for 2026! We are seeking a Associate Director, DevSecOps Security Operations Center (SOC). This role will lead our information security monitoring and response posture through 24x7x365 monitoring, detection, and response. You will drive our DevSecOps Security Operations Center β built on low-false-positive alerting, automated response, and AI β to the next level of maturity.The ideal candidate is experienced with anticipating threats, enhance advanced prevention capabilities, and leverage deep expertise in data, tooling, integrations, and team development to stay ahead of evolving risks. This role requires a strong people leader that also has experience leading Managed Security Service Providers (MSSP), Managed Data Detection & Response (MDDR), and Endpoint Detection & Response (EDR) teams. You will lead your security services using a distributed model under consolidated leadership (YOU).If you work and think at this next level of security leadership, we want to hear from you.
Geo-Salary Information:
An in-person interview may be required during the hiring process State specific pay scales for this role are as follows:$118,078 to $330,661 (CA, NJ, NY, WA, HI, AK, MD, CT, RI, MA)$118,078 to $330,661 (NV, OR, AZ, CO, WY, TX, ND, MN, MO, IL, WI, FL, GA, MI, OH, VA, PA, DE, VT, NH, ME)$118,078 to $330,661 (UT, ID, MT, NM, SD, NE, KS, OK, IA, AR, LA, MS, AL, TN, KY, IN, SC, NC, WV)The expected base salary for this position will vary depending on a number of factors, including relevant experience, skills and location.
Responsibilities:
Essential Job Functions:The essential function of this position is to be accountable as an information security architect for supporting the information security program within IT and business initiatives.Management and leadership of Information Security personnel.Provide Information Security subject matter expertise and security consulting to IT projects and initiatives using information security standards, best practices and approaches, with an emphasis on application security.Develop Information Security requirements across the enterprise for data protection, network protection, and application protection and compliance with regulatory requirements for protection of information.Conduct threat analysis for systems or applications including analysis of current and known security exposures, planning for remediation of exposures, staged and planned penetration testing, vulnerability assessment and analysis of results.Conduct research on best practices, emerging technologies and threats as it relates to Information Security.Act as subject matter expert on security related control testing, control remediation and incident response.Other functions that may be assigned
Qualifications:
Education:Bachelor of Science Degree in Information Technology or equivalent professional experience.CISSP certification or equivalent is highly desirable.SANS certifications or equivalent are desirable.CISA or additional security certifications are desirable.Experience:Minimum:22 - 25+ years of work experience in multiple fields of Information Technology with an emphasis on Information Security.12+ years of this experience, directly in the Information Security field.5+ years experience in a leadership/management role directly leading people. Preferred: Available to be on-call in support of leading a 24x7x365 SOC environment.Working experience with Intrusion Detection, Firewall Monitoring, System Monitoring.Working experience and ability to conduct application / system Penetration Testing / OWASP using industry standard tools.Extensive knowledge of Security Policy, Standards, Guidelines, and Process Development.Detailed knowledge of secure architectures and their design.Knowledge and Skills:Experience in an Commander role in security Incident Response processes.Detailed knowledge of web application development (Java, .Net, Secure configurations).Working experience collaborating with development teams to understand and remediate application security vulnerabilities.Working experience and ability to conduct network vulnerability testing and remediation.Working experience and ability to conduct Threat Analysis.Strong knowledge of Virus, Worms and Other Malware (Prevention/Detection) and Incident Response.Strong knowledge of Encryption / Tokenization / Key Management.Strong knowledge of access control technologies.Excellent knowledge of Operating systems and platforms (UNIX, Windows, Virtualization, etc.).Working knowledge of network security (Routing, switching, TCP/IP, DNS, Architecture, WLAN).Working knowledge of state privacy laws and the PCI DSS. Ability to work with all levels of personnel within the IT department and departments external to IT, in a dynamic and challenging environment.Must consistently maintain a professional demeanor/attitude with all levels of management, employees, customers, and vendors to accomplish organizational goals; take action that respects the needs and contributions of others; take responsibility for actively participating and contributing to team efforts; acts as team facilitator when appropriate.Ability to communicate complicated concepts to both management and technical staff and thrive in a cross-functional matrix environment.Must be self-motivated and capable of working with minimal supervision and/or direction, and proactively manages their own workload.Must be accountable and take direction from supervisor, follow work rules, and keep required work schedules, which include regular and predictable job attendance.Well-balanced interpersonal skills are required.Knowledge of security technologies and their alignment into compliance controls.
About the Company:
Why choose a career at Mercury?At Mercury, we have been guided by our purpose to help people reduce risk and overcome unexpected events for more than 60 years. We are one team with a common goal to help others. Everyone needs insurance and we canβt imagine a world without it.Our team will encourage you to grow, make time to have fun, and work together to make great things happen. We embrace the strengths and values of each team member. We believe in having diverse perspectives where everyone is included, to serve customers from all walks of life.We care about our people, and we mean it. We reward our talented professionals with a competitive salary, bonus potential, and a variety of benefits to help our team members reach their health, retirement, and professional goals. Learn more about us here: https://www.mercuryinsurance.com/about/careers
Perks and Benefits:
We offer many great benefits, including:Competitive compensationFlexibility to work from anywhere in the United States for most positionsPaid time off (vacation time, sick time, 9 paid Company holidays, volunteer hours)Incentive bonus programs (potential for holiday bonus, referral bonus, and performance-based bonus)Medical, dental, vision, life, and pet insurance401 (k) retirement savings plan with company matchEngaging work environmentPromotional opportunitiesEducation assistanceProfessional and personal development opportunitiesCompany recognition programHealth and wellbeing resources, including free mental wellbeing therapy/coaching sessions, child and eldercare resources, and moreMercury Insurance is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by federal, state, or local law.
Pay Range:
USD $107,344.71 - USD $300,603.92 /Yr.
Apply Now