Perform 3rd-Party Security Assessments to evaluate the security practices and programs Hartford interests
Partner with Legal and Procurement teams to ensure the company’s interests are appropriately accounted for in contractual language that enforces privacy and security considerations.
Support business areas in responding to customer inquiries regarding The Hartford’s information security policies, programs and practices
Approve remote access requests for vendor resources, based on diligence performed to ensure appropriate security protocols
Respond to ad-hoc technical security consulting requests, including at times supporting teammates with security-related projects and support services
Develop a dashboard to support ongoing analytics and metrics for various Security Office topics such as Third Party Security Assessments (TPSA), Policy Exceptions and Incidents for consumption by Senior Leadership
Maintain awareness of existing and proposed security standards for state/federal regulations regarding information security and data privacy
Identify and assess the severity and potential impact of risks
Communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions.
Bachelor of Science Degree or Master’s Degree in one of the following disciplines: Engineering, Computer Science, Information Security or related field.
Minimum of 5 years of work experience in Information Security and/or a closely related function such as networking, application development/security, threat management, IT Audit, IT Compliance, etc.
Strong preference will be given to candidates who currently hold a Certified Information Systems Security Professional (CISSP) designation. Candidates who do not currently hold a CISSP will be asked to acquire the designation within 6 months of the hire date
Any industry certifications such as: Certified Ethical Hacker (CEH), GIAC certifications, Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) designations are a plus!
Proficient knowledge of regulatory compliance and information security management frameworks, including NIST CSF, NIST 800, SP800-50, SP800-16, ISO 27001, 27002, COBIT, etc.
Practical experience with risk assessment frameworks, including the BITS Shared Assessments program, Cloud Security Alliance (CSA) and other benchmark approaches
Advanced understanding of technical and non-technical controls with a demonstrated ability to assess 3rd-parties and contract language
Strong organizational skills with the capacity to multi-task on projects with shifting priorities
A process-oriented mindset with a professional demeanor and customer-focused support
Effective decision-making capabilities with a proven ability to weigh the cost-benefit of potential actions or decisions
Confidence to effectively influence others to modify their opinions, plans or behaviors
Demonstrated interest in continuous learning
The Hartford Financial Services Group, Inc., usually known as The Hartford, is a United States-based investment and insurance company. The Hartford is a Fortune 500 company headquartered in its namesake city of Hartford, Connecticut. It was ranked 160th in the Fortune 500 in 2020. The company's earnings are divided between property-and-casualty operations, group benefits and mutual funds.
The Hartford is the 13th-largest property and casualty insurance company in the United States. It sells products primarily through a network of agents and brokers, and has also been the auto and home insurance writer for AARP members for more than 25 years.