This position is for a hands-on technical leader in the Infrastructure Services organization. This Infrastructure Services organization is passionate about technology and strives to ensure ourinfrastructure is achieving our Cyber Risk and Control goals. This position will directlyreportinto the AVP Service Management and help guide Cyber control strategy, manage the Operations Governance team and lead the day to day operational success.
- Perform day to day management of the team responsible for operational governance assuring compliance to Service Governance, Secure Configuration Management, Vulnerability Management and Patch Management requirements
- Advise and coach service areas on risk management best practices, service governance, and compliance to Service Governance, Secure Configuration Management, Vulnerability Management and Patch Management requirements
- Manage and drive strategies for Service Governance, Governance of Secure Configuration Management, and Vulnerability Management and Patch Management practices as required to achieve desired level of risk
- Lead or participate as needed in cross-function teams implementing or maturing governance practices for Service Governance, Vulnerability and Patch Management.
- Lead process and governance development and / or process improvement for Service Governance, Secure Configuration Management, Patch and Vulnerability Management
- Ensure completeness of governance and controls documentation
- Ensure new controls and processes are integrated into Infrastructure Service governance framework
- Identify, track and govern against appropriate and meaningful metrics and KPIs for stakeholders for Service Governance, Patch and Vulnerability Management
- Track progress of adoption, maturity and compliance through governance processes and dashboard metrics/KPIs for Service Governance, Patch and Vulnerability Management requirement
- Encourage team resources to introduce improvements by leveraging automation and innovative approaches.
- Risk & Controls and Security certifications desirable; CISSP, CRISC
- Knowledge of (in context of Service Governance, Patch and Vulnerability Management requirements):
- Laws and regulations impacting data protection and confidentiality, integrity and availability of systems and data including PCI, Sarbanes-Oxley, NY DFS and CT regulations etc.
- Recognized information security-related policy and standards such as CIS Cybersecurity Controls and NIST Special Publication 800-53
- Technology services and related control as potential mitigation for vulnerabilities (i.e. access controls, infrastructure and platform controls, data protection and information security, network and internet security controls, logging and log review etc.)
- How technologies, processes and controls impact risk in the information systems
- Ability to translate security and operational controls or gaps into residual risk and identify mitigations
- IT Controls governance
- Process management
What Else Can You Tell Me?
The Hartford is committed to the education and growth of our Information Technology Professionals. A number of IT Certifications are available to enhance your career and growth potential. IT Professionals at The Hartford may qualify for a stipend up to $1000 per year for additional certifications
Equal Opportunity Employer/Females/Minorities/Veterans/Disability/Sexual Orientation/Gender Identity or Expression/Religion/Age.