Cybersecurity is a high priority at The Hartford, and we have a talented, cutting-edge team dedicated to managing and delivering our company's cybersecurity practices. As a Senior Analyst, IT Security and Compliance, you will have the opportunity to impact the direction of The Hartford's cybersecurity programs by providing thought leadership, professional support and valued contributions to a range of activities. We are looking for an experienced IT security professional who has a breadth of knowledge and skills across various security domains, an understanding of industry best practices, and an awareness of emerging cyber threats and trends.
Responsible for security assessment of existing information technology implementation. Provides technical expertise and support to clients, IT management and staff in risk assessment and the implementation of appropriate security procedures and products.
- Responsible for enterprise cyber security risk assessment.
- Directs a risk-based program that drives compliance remediation activities across Enterprise IT.
- Drives control effectiveness testing for controls implemented by Enterprise IT.
- Participates in and supports the penetration testing and red-team assessment program.
- Influences the establishment and implementation of the information security policy. Reviews the development, testing and implementation of appropriate security plans, products and control techniques. Identifies emerging vulnerabilities, evaluates associated risks and threats and provides countermeasures where necessary.
- Maintains contact with industry security standard setting groups, and an awareness of State and Federal legislation and regulations pertaining to data privacy and information security. Proposes changes in firm-wide security policy when necessary.
- Develops communications and related campaigns for information security awareness among all staff. Prepares activity and progress reports.
- Supports risk management by tracking and making senior IT leaders aware of the effectiveness and maturation of their general IT control environment.
- Program manages large remediation efforts that involve multiple lines of business IT areas.
- Tracks the ongoing progress against open control issues, including those identified by Internal Audit, SOx testing, external examinations and various other risk identification measures.
- At least 10 years of IT experience, including 5 years or more working in cyber security assessments, evaluating and protecting infrastructure and network.
- Industry certification such as CISSP or CEH is preferred.
- Experience working with external penetration testing and remediation.
- Broad understanding of various cyber security capabilities to support cyber risk assessments.
- Knowledge of security assessments for network infrastructure.
- Knowledge of programming or scripting.
- Knowledge of SaaS, PaaS and IaaS security controls.
- Knowledge of security frameworks such as NIST 800-53, CSC or ISO.
- Ability to communicate with technical subject matter experts, senior IT leaders and business partners for assessment interviews and to share the assessment findings.
- Requires excellent communication skills, analytical ability, and the ability to work effectively with clients, IT management, vendors and consultants.
- Broad IT background with experience in implementing large-scale programs that involve multiple organizations.
Equal Opportunity Employer/Females/Minorities/Veterans/Disability/Sexual Orientation/Gender Identity or Expression/Religion/Age