Insurance companies run on trust before anything else. They manage sensitive personal data, financial records, claims systems, underwriting workflows, healthcare information, regulated platforms, and the digital operations that keep customers covered when risk becomes real. The security leaders in this group bring experience from mortgage insurance, health insurance, bonding, pharmacy benefits, cloud security, identity platforms, military operations, incident response, compliance, and enterprise risk.
Manny Landron – CISO, Enact Mortgage Insurance
Manny Landron became CISO at Enact Mortgage Insurance in October 2023, inheriting a strong cybersecurity foundation and elevating it through formalized functional structure, more mature vulnerability management, and stronger cloud, product, and AI security. His work supports Enact’s cloud-first and AI modernization agenda while positioning the program for rising customer and regulatory expectations. Before Enact, Landron advised regulated organizations on cloud security and enterprise risk at Aligned Technology Group, including a one-year de facto CISO role for Caesars Sportsbook during the post-acquisition integration of William Hill into Caesars Entertainment’s security and governance framework. He also built IAT Insurance Group’s first enterprise security and privacy programs, aligning them to NY DFS, California privacy, and NIST while modernizing infrastructure and supporting the security integration of International Fidelity Insurance Company after acquisition. His military background adds a different kind of operating pressure: during Operation Iraqi Freedom, he led network operations and cybersecurity at Forward Operating Base Q-West, maintaining three mission-critical networks with near-100% uptime and zero breaches under sustained operational pressure.
Nick Vigier – CISO, Oscar Health
At Oscar Health, Nick Vigier brings more than 20 years of security and technology leadership experience built in highly regulated, fast-growth environments. His career has focused on building security teams, improving risk-based decision support for senior leadership, and balancing innovation with security outcomes. At Talend, he led security through a period that included the company’s acquisition by Qlik, created a board-level Cybersecurity Committee, built a capabilities and maturity heatmap aligned to the NIST Cyber Security Framework, and moved IT from 15% security and visibility coverage for assets to more than 90% within 45 days of launch. He also established Talend’s customer trust portal, which gave prospects, customers, and internal teams a single source of truth on security posture, reduced security questionnaires by 60%, and had 30% of ARR leveraging the portal within four months. Earlier, Vigier was the first CISO at ID.me, where he built a Security and Risk Management program for a cloud-based identity platform during a global identity theft crisis and helped the company securely grow threefold in 12 months.
Jamell Richard Blake – CISO, Humana Corp
Security leadership at Humana Corp places Jamell Richard Blake in a role that combines enterprise cybersecurity strategy, healthcare data protection, third-party risk, compliance, incident response, and executive coordination. As CISO, he chairs the Security Steering Committee, leads initiatives to increase stakeholder involvement, and supports enterprise-wide security culture and readiness. His responsibilities include leading incident response during cybersecurity breaches or incidents, coordinating with internal teams and external stakeholders, overseeing third-party risk management, and managing audit and compliance programs tied to ISO, HIPAA, SOC 2, and PCI DSS. Blake also develops procedures to secure confidential information, personally identifiable information, and protected health information in support of the cyber risk program. Before Humana, he held security and risk management leadership roles at FedCon Services, the City of Houston, PREMIER ISA, and the U.S. Army Criminal Investigation Division. That earlier work included public safety, emergency management, protective services, investigations, crisis planning, and operational risk.
John Mandracchia – CISO, Health Plans, Inc.
John Mandracchia has spent more than 17 years at Health Plans, Inc., moving from Lead System Engineer to Director of Cybersecurity and Infrastructure before becoming CISO in January 2019. His work focuses on strategic cybersecurity planning, risk management policy, cross-departmental process improvements, and alignment between IT goals and the organization’s broader healthcare mission. As CISO, he has improved the Disaster Recovery Plan’s RTO and RPO to minutes, strengthening business continuity across operations. Mandracchia has also led infrastructure and cybersecurity teams, managed projects ranging from vendor evaluations to process enhancements, migrated subsidiary operations to more cost-effective cloud solutions, and integrated advanced cybersecurity technologies. His earlier experience at Emerson Hospital and Winchester Hospital gives his insurance security role a healthcare infrastructure foundation that predates his current CISO title.
Nam Tran – CISO, Merchants Bonding Company
A cybersecurity career built through military, government, banking, entertainment, and bonding environments gives Nam Tran a broad operating base at Merchants Bonding Company. As CISO, he develops information security programs and aligns security initiatives with the company’s strategic goals. Before joining Merchants Bonding, Tran served as Director of Cybersecurity Engineering at WWE, where he planned and developed initiatives for new technologies, processes, and procedures to protect critical assets from emerging threats. At Bankers Trust, he was AVP, IT Security Director, with responsibility for enterprise-wide IT security infrastructure covering data protection, email security, incident response, disaster recovery, vulnerability management, regulatory compliance, and vendor management. He also developed an IT security roadmap to consolidate and modernize security tools and created policies, procedures, and standards aligned to FFIEC requirements. Earlier roles included cyber transport work in the Air National Guard, security monitoring for National Nuclear Security Administration networks, TS/SCI network support for the U.S. Army Pacific Theater, and Department of Defense enterprise network services.
Mick Zampogna – CISO, Prime Therapeutics
Mick Zampogna has led information security at Prime Therapeutics for more than a decade, with responsibilities tied to risk management, business continuance, governance, compliance, security strategy, and executive risk metrics. At Prime, he created an organization to support the company’s information security needs, developed a PCI-compliant program for a Level 2 merchant environment, managed a $6 million information security spend, created a risk management group to govern IT risk using recognized standards, and developed executive metrics that provide leading indicators of risk posture. His earlier role at Northwest Airlines shows how much of his security leadership was already tied to resilience and business continuity. There, Zampogna created and deployed an enterprise security policy with 17 functional policies based on ISO 17799, built a 13-element security program and three-year roadmap, led Sarbanes-Oxley general IT control remediation and PCI audit work, and implemented an advanced disaster recovery program that moved critical application recovery from a 12-week objective to a three-hour objective with near-zero data loss.
Insurance Security Is Built Around Consequence
The insurance sector does not just protect data. It protects the systems customers depend on when financial, medical, operational, or personal risk becomes urgent. These CISOs reflect that responsibility in different ways, from cloud and AI security to disaster recovery, identity protection, third-party risk, healthcare compliance, bonding operations, and board-level governance. Their backgrounds show why insurance cybersecurity has to be measured not only by controls, but by continuity, readiness, and the ability to keep trust intact under pressure.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.