Principal Information Security Analyst

FM

$121K — $173K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years of experience in cybersecurity, information security, cyber risk, audit, or regulatory compliance, preferably on a global scale.
  • Expertise in applying cybersecurity frameworks like NIST CSF 2.0 and CIS v8.1; proficiency in problem-solving through a risk-based approach.
  • Hands-on experience with regulatory exams, audits, and client assessments, including control mapping and evidence collection.
  • Familiarity with global regulatory bodies and requirements (e.g., APAC, EU, US) such as APRA and IRDAI.
  • Proven capability in identifying control gaps and managing remediation tracking.

Responsibilities

  • Lead the cybersecurity regulatory compliance function, overseeing governance, processes, and reporting.
  • Coordinate responses to regulatory exams and client inquiries, ensuring accuracy and compliance of information shared.
  • Monitor emerging cybersecurity regulations and conduct impact assessments to adapt FM's control environment accordingly.
  • Conduct regulatory gap assessments and collaborate on the definition and tracking of remediation actions.
  • Develop metrics and reporting dashboards to present compliance status and risks to leadership and governance committees.
  • Act as a trusted advisor on regulatory matters, ensuring alignment of business decisions with cybersecurity standards and obligations.
  • Identify opportunities for program efficiency and improvement, implementing best practices for compliance and control management.

Benefits

  • Comprehensive Total Rewards program including an incentive plan.
  • Medical, dental, and vision insurance coverage.
  • Life and disability insurance.
  • Well-being programs and support.
  • 401(k) and pension plan options.
  • Career development and tuition reimbursement opportunities.
  • Flexible work arrangements and time off benefits.

Full Job Description
Schedule & Location: This position requires on-site work one day per week at our Corporate Headquarters and flexibility to be on-site when needed based on the demands of the business.

Relocation is not offered for this position

Summary

FM is seeking a Principal Information Security Analyst with deep expertise in cybersecurity regulatory compliance and oversight. In this high-impact role, you will lead the execution of FM's global cybersecurity regulatory compliance program, ensuring the organization proactively identifies, understands, and responds to evolving global cybersecurity requirements.

You will play a critical role in protecting FM by evaluating how cybersecurity regulatory expectations apply to our systems, data, and internal processes, and translating those requirements into actionable controls and practices. This is a highly visible role where your expertise in cyber risk, regulatory frameworks, and control design will help shape business decisions, strengthen our security posture, and ensure ongoing alignment with regulatory obligations.

You will partner closely with security, technology, risk, legal, and business teams to identify gaps, define expectations, and recommend practical, business-aligned solutions. Additionally, you will act as a primary point of coordination for external cybersecurity inquiries, including regulators, auditors, and clients.

You will lead end-to-end cybersecurity regulatory assessments and control evaluations, going beyond standard compliance activities to evaluate alignment across systems, data, and technical processes.

Key Responsibilities

  • Regulatory & Compliance: Lead the end-to-end cybersecurity regulatory compliance function, including governance, processes, tooling, and reporting.
  • Respond to External Inquiries: Coordinate and lead responses to regulatory exams, client cybersecurity questionnaires, and other external information requests. Partner with Information Security, IT, Risk, Legal, and business stakeholders to gather, validate, and communicate accurate, consistent, and audit-ready responses aligned to FM's control environment.
  • Regulatory Horizon Scanning & Impact Analysis: Proactively monitor and evaluate emerging cybersecurity regulations, standards, and guidance globally. Perform impact assessments to determine applicability and required changes to FM's control environment.
  • Gap Identification & Remediation Oversight: Lead regulatory gap assessments and control evaluations. As necessary, partner with technical and business teams to define remediation actions, track remediation progress, validate closure of gaps, and escalate risks as needed.
  • Governance, Reporting, & Audit Readiness: Develop and maintain metrics, dashboards, and reporting on compliance posture, risks, and trends. Provide clear, concise updates to senior leadership and governance committees.
  • Advisory & Stakeholder Engagement: Act as a trusted advisor on regulatory and compliance matters across IT, security, and business teams. Provide guidance on control design, risk treatment, and regulatory alignment. Influence decisions to ensure alignment with FM's risk appetite and regulatory obligations.
  • Program Maturity & Continuous Improvement: Identify opportunities to enhance program efficiency, automation, and maturity. Implement leading practices in regulatory compliance, controls management, and assurance.
  • Lead and Mentor: Lead complex initiatives and provide direction to cross-functional contributors. Promote a culture of accountability, transparency, and continuous improvement.


Qualifications

  • 8+ years of experience in cybersecurity, information security, cyber risk, audit, or regulatory compliance. Global experience desired.
  • Experience applying cybersecurity frameworks (NIST CSF 2.0, CIS v8.1), including mapping controls to regulations and using a risk-based approach to solve problems.

Regulatory & Compliance

  • Hands-on experience responding to regulatory exams, audits, or client security assessments, including evidence collection, control mapping, and response coordination.
  • Experience supporting or participating in IT general controls (ITGC) or cybersecurity control audits, with an understanding of audit expectations, testing approaches, and evidence requirements.
  • Familiarity with global regulatory requirements across regions (e.g., APAC, EU, US), including regulatory bodies such as APRA, IRDAI, OFSI, or MAS.
  • Experience identifying control gaps, assessing compliance against regulatory expectations, and supporting remediation tracking.

Control Framework & Risk Analysis

  • Strong problem-solving and analytical skills, with the ability to interpret regulatory requirements and apply them in a practical, risk-based manner.

Documentation & Audit Readiness

  • Ability to develop and maintain clear, accurate, and audit-ready control documentation and supporting evidence.
  • High attention to detail, particularly in the documentation, quality, and accuracy of responses.

Stakeholder Engagement & Communication

  • Strong stakeholder management and collaboration skills, with the ability to work effectively across Information Security & Risk Management, IT, Risk, Legal, and business teams.
  • Strong verbal and written communication skills, with the ability to translate technical security concepts into clear, concise responses for regulators, clients, and business stakeholders.

Execution & Operating Discipline

  • Strong organizational and time management skills, with the ability to manage multiple concurrent requests and deadlines.
  • Ability to work independently, prioritize competing demands, and deliver high-quality outputs with minimal supervision.

Education

  • A bachelor's degree in Information Security, Computer Science, Information Technology, or a related field may be considered.
  • Relevant certifications in security, technology, or risk disciplines, such as CISA or CISM, are preferred.

The hiring range for this position is $121,000 - $173,000. The final salary offer will vary based on geographic location, individual education, skills, and experience. The position is eligible to participate in FM's comprehensive Total Rewards program that includes an incentive plan, medical, dental and vision insurance, life and disability insurance, well-being programs, a 401(k) and pension plan, career development opportunities, tuition reimbursement, flexible work, and time off, including vacation and sick time.
