The Hartford Senior Information Security Specialist in HARTFORD, Connecticut
Title: Senior Information Security Specialist
Location: United States-Connecticut-Hartford
Job Number: 1701705
WHAT CAN YOU TELL ME ABOUT THIS POSITIONS?The Hartford’s Information Protection (THIP) organization is looking for talented security professionals to join a high-performing team that is charged with governing, managing and delivering our company’s cybersecurity practices. As a Senior Security Specialist, this position will provide the individual an opportunity to help shape the direction of our company’s cyber security programs by providing thought leadership, professional support and valued contributions to a range of activities. We are looking for an experienced security professional, who has a breadth of knowledge and skills across various security domains, an understanding of industry best practices, and an awareness of emerging cyber threats and trends.This role within our Security Consulting and Assurance practice provides direct support to our business areas by delivering valued consulting services related to security requirements, vendor security assessments, contract reviews, customer inquiry responses, and ad-hoc security consulting requests. The right person will bring a strong process-oriented approach in delivering highly professional, responsive and customer-focused support.RESPONSIBILITIES:This position is responsible for providing security consultation to our business and technology partners through a series of professional services that include:+ Performing 3rd-Party Security Assessments, in which we evaluate the security practices and programs for those partners engaged by our company. In this capacity, the role directly interfaces with business areas and vendor partners to understand the nature of the business relationships, and then performs detailed reviews of the security practices of the vendor through a series of questionnaires, interviews and/or onsite audits. This work culminates with the communication of findings and recommendations based on a fact-based risk assessment which balances the priorities of the business against security needs and requirements of the company. + Partnering with Legal and Procurement teams to ensure the company’s interests are appropriately accounted for in contractual language that enforces privacy and security considerations. + Supporting our business areas in responding to customer inquiries regarding our own company’s information security policies, programs, and practices. + Approving remote access requests for vendor resources, based on diligence performed to ensure appropriate security protocols. + Responding to a range of ad-hoc security consulting requests, including at times supporting teammates with security-related projects and support services. + Develop dashboard and support ongoing analytics and metrics for various Security Office topics such as TPSA, Phishing, Policy Exceptions and Incidents for consumption by Senior Leadership.
WHAT ARE THE QUALIFICATIONS?Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the skills and competencies necessary to be highly-effective in the role. These skills and competencies include:+ A broad and diverse security skill-set with advanced understanding of both technical and non-technical controls and the ability to effectively apply this knowledge when assessing 3rd-parties and contract language.+ An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions.+ Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate actions.+ Confidence to effectively influence others to modify their opinions, plans, or behaviors; this includes fortitude to challenge leaders to balance security in relation to business priorities.+ An understanding of business needs and a commitment to delivering high-quality, prompt, and efficient service to the business.+ Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.+ Organizational skills that enables one to work on several tasks simultaneously, providing management with appropriate insight into the workload and priorities.+ Original and innovative thinking that produces new ideas and creates innovative solutions.+ A willingness to continuously learn and develop skills commensurate to this role and other potential growth opportunities within and across the organization.A successful candidate will possess some or all of the following background and experiences:+ BS or MA in Business, Computer Science, Information Security, or related field.+ 5 years of work experience in Information Security, and/or a closely related function, such as IT Audit, IT Compliance, Enterprise Risk Management, etc.+ Proficient in Excel or other metrics reporting tools.+ Proficient knowledge of regulatory compliance and information security management frameworks, including IS0 27001, 27002, SP80050, SP800-16, NIST 800, COBIT, etc.+ Practical experience with risk assessment frameworks, including the BITS Shared Assessments program, Cloud Security Alliance (CSA) and other benchmark approaches.+ Industry recognized certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)What criteria do we use to Assess, Hire, Develop & Reward our workforce?+ Data Analysis-Input, understand, analyze and act on data + Business Owner Mindset-Operate with keen business knowledge, expense, risk & controls driven mindset + Communication-Influence through a consultative approach + Customer Driven-Focus on “Harvest” – (our enterprise continuous improvement effort), innovative problem solving, and efficient local decision making for continuous improvement + Growth & Development-Maximize development of self and othersWhat Else Can You Tell Me?The Hartford is committed to the education and growth of our Information Technology Professionals. A number of IT Certifications are available to enhance your career and growth potential. IT Professionals at The Hartford may qualify for a stipend up to $1000 per year for additional certificationsBehaviors at the Hartford+ Deliver Outcomes – Demonstrate a bias for speed and execution that serves our shareholders and customers. + Operate as a Team Player – Work together to drive solutions for the good of The Hartford. + Build Strong Partnerships – Demonstrate integrity and build trust with others. + Strive for Excellence – Motivate yourself and others to achieve high standards and continuously improve.Equal Opportunity Employer/Females/Minorities/Veterans/Disability/Sexual Orientation/Gender Identity or Expression/Religion/Age** NO AGENCIES PLEASE **Job: Security