Executive Director, Cybersecurity Strategy, Governance, & Engagement

You desire impactful work.
 

You’re RGA ready

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

The Executive Director of Cybersecurity Strategy, Governance, & Engagement is responsible for shaping, operationalizing, and communicating the enterprise cybersecurity strategy while driving measurable outcomes and a strong security culture across the organization. This role combines strategic planning, performance management, training & awareness and organizational engagement to help ensure cybersecurity capabilities are aligned with business objectives, current threats, and regulatory expectations.

The Executive Director serves as a strategic partner to the VP, Cybersecurity Strategy, Governance, and Oversight as well as the Chief Information Security Officer and other IT and security leaders and teams, translating cybersecurity vision into actionable roadmaps, meaningful metrics, and enterprise-wide engagement initiatives.

Principal Duties

Cybersecurity Governance, Strategy & Planning

• Partner with the VP, Cybersecurity Strategy, Governance, and Oversight to define, evolve, and maintain the enterprise cybersecurity strategy and multi‑year roadmap

• Translate cybersecurity strategy into strategic objectives, key results, initiatives, investment priorities, and governance expectations

• Establish and maintain cybersecurity governance frameworks, including decision rights, accountability, and escalation paths

• Partner with security teams to define and contribute to cybersecurity requirements that guide and shape execution across security and technology workstreams

• Ensure cybersecurity strategy is clearly documented and communicated across technical, executive, and board‑level audiences

• Provide oversight and transparency through consistent reporting on strategy execution and progress against the roadmap

Cybersecurity Metrics & Reporting

• Design, implement, and maintain a comprehensive cybersecurity key risk and key performance indicator framework

• Develop executive dashboards, scorecards, and regular reporting packages that communicate security posture, trends, and program effectiveness to technical and non-technical stakeholders

• Collect, analyze, and synthesize data from multiple security tools and sources to identify patterns, gaps, and opportunities for improvement

• Establish baseline measurements and track progress against cybersecurity program goals and regulatory compliance requirements

• Collaborate with security operations, architecture, engineering, risk management, and compliance teams to ensure metrics accurately reflect security outcomes

• Lead the development of executive presentations on cybersecurity program performance

Cybersecurity Engagement

• Develop and execute a cybersecurity awareness and training strategy tailored to different audiences, roles, and risk profiles

• Identify opportunities for engaging training content, including e-learning modules, workshops, simulations, phishing campaigns, and microlearning materials

• Collaborate with cross-functional learning teams to implement organization-wide security awareness campaigns utilizing multiple channels (e.g., email, intranet, videos, posters, events)

• Establish metrics to measure training effectiveness, behavior change, and cultural adoption of security best practices

• Partner with Human Resources, Internal Communications, and business units to integrate security awareness into onboarding, role changes, and ongoing professional development

• Oversee and coordinate security outreach initiatives such as Cybersecurity Awareness Month activities, Security Communications initiatives, lunch-and-learns, and executive briefings

• Stay current with emerging threats and attack trends to ensure training content remains relevant and timely

Cross-Functional Leadership

• Collaborate with security leadership and domain subject matter experts to align metrics and training initiatives with overall cybersecurity strategy

• Build relationships across IT, Legal, Compliance, Risk Management, and business stakeholders

• Manage vendor relationships related to training platforms, awareness tools, and reporting solutions

Qualifications

Education and Certifications

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Business Administration, Communications, or related field, or equivalent experience - Required

• Post-graduate or professional qualification in related field - Preferred

• Relevant industry certifications such as CISSP, CISM, CRISC, Security+, or similar - Preferred

• Training or instructional design certifications (e.g., CPTD, ATD certification) - Preferred

Work Experience, Skills, and Abilities

• 10+ years’ relevant technology and business experience - Required

• Minimum 5-7 years of progressive experience in cybersecurity, information security, or IT risk management - Required

• Demonstrated experience developing and implementing cybersecurity metrics, KPIs, and reporting frameworks - Required

• Proven experience developing, executing, and maturing cybersecurity strategies and roadmaps aligned to enterprise business objectives - Required

• Proven track record of designing and delivering cybersecurity training and awareness programs - Required

• Experience creating executive-level presentations and communicating technical concepts to non-technical audiences - Required

• Strong analytical skills with experience collecting, analyzing, and visualizing security data - Required

• Hands-on experience with security tools, technologies, and frameworks (NIST CSF, ISO 27001, CIS Controls) - Required

• Experience managing projects and coordinating cross-functional initiatives - Required

• Experience in a regulated industry (financial services, insurance, government, etc.) - Preferred

• Background in strategy, governance, risk management, or compliance functions - Preferred

• Proficiency with data management, data visualization, and business intelligence tools (e.g., Power BI, Snowflake, Alteryx) - Preferred

• Experience with learning management systems (LMS) and security awareness platforms (e.g., KnowBe4, Proofpoint, SANS Security Awareness) - Preferred

• Experience conducting phishing simulations - Preferred

• Knowledge of adult learning principles and instructional design methodologies - Preferred

• Prior experience managing vendor relationships and procurement processes - Preferred

• Demonstrated success in driving cultural change and influencing behavior across organizations - Preferred

• Experience with Governance, Risk, and Compliance (GRC) platforms - Preferred

#LI-CW1

#LI-Remote

What you can expect from RGA:

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.

• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.

• Join the bright and creative minds of RGA, and experience vast, endless career potential.

We’re excited to get to know you and connect your unique skills with our global opportunities. To create a modern and seamless experience, we use artificial intelligence (AI) in parts of our preliminary screening process. This technology helps us personalize job recommendations, automate interview scheduling, evaluate candidates based solely on experience—without considering name, gender, or other personal details—and provide real-time answers through our chatbot. AI is used only during early screening and never makes hiring decisions. Your RGA recruiter will work closely with you every step of the way to ensure the process feels personal, thoughtful, and focused on you.

Compensation Range:

Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits.

RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.