Principal Information Security Oversight & Assurance Analyst

Overview

FM Global is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM Global helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.

This is a US-based position that is eligible for remote work. Candidates must be open to periodic travel to headquarters located in Johnston, RI, dependent on business needs. Must be willing to work EST hours.

Responsibilities

The Principal Information Security Oversight & Assurance Analyst will be an influential partner in setting direction and overseeing compliance processes within the Information Security Oversight & Assurance team. Specifically, this individual will play a key role in driving the maturation of an enhanced IT Security Controls testing program leveraging the organizations’ Governance, Risk, and Compliance (GRC) platform.

The primary focus of this position will be to strengthen FM Global’s Information Security Oversight and Assurance program through security and technology controls testing, process improvement, automation, and the continuous evolution of assurance capabilities.

Working with key stakeholders across the organization (e.g., Internal Audit, Legal, etc.), this individual will support the organization’s IT Security Controls testing program and ensure that the program remains compliant with regulatory requirements. They will be responsible for developing the annual test plan, developing test cases, and conducting testing of key security and technology controls in accordance with regulatory requirements. They will lead multiple meetings with business and IT partners (e.g., kick-off meetings, process walkthroughs, delivery of results, etc.), working to develop key relationships while assessing adherence to applicable requlatory requirements and internal controls. As a senior member of the team, they will provide guidance and direction to other team members, business representatives, and technical resources on security compliance requirements. In addition, they will work with key stakeholders to drive continuous improvement in the IT control environment by helping to identify and report on control weaknesses throughout the organization.

As a core user of the GRC platform, this individual will also be responsible for managing and maintaining the core modules that support the Oversight and Assurance team. This includes the design and implementation of new workflows, forms, and reports as needed. This individual will also be responsible for ensuring that the information within the GRC remains current with changes in regulatory requirements and compliance standards.

Qualifications

8 years of experience in information technology and 5 years of experience in IT Audit, security risk management, IT controls testing, or related security disciplines required.

Experience with MAR, Sarbanes-Oxley Act, and PCAOB auditing standards is preferred.

Knowledge and experience with Governance, Risk, and Compliance (GRC) applications as well as cybersecurity frameworks and regulations (e.g., NIST CSF, CIS, NYCRR 500, etc.)

Able to operate with a high degree of independence with regard to project management activities, including development of project plans and resource estimates.

Excellent communication and presentation skills.

Demonstrated ability to work collaboratively with technical experts, business managers, and senior leadership.

Ability to understand security risk, compliance, and technical issues and communicate into meaningful business and risk guidance and recommendation.

Cyber / information security / risk professional with the ability to think in terms of the risk rather than compliance, and risk improvement objectives rather than strict security requirements.

Strong relationship building, influencing, and consultation skills; demonstrated ability to establish and maintain positive work relationships with peers, management, and key stakeholders.

Education:

4 Year College Degree in Information Technology, Audit, Risk, Computer Science or closely related discipline or equivalent work experience.

Preferred Certifications or willingness to obtain: CISA, CISM, or CIA

The final salary offer will vary based on geographic location, individual education, skills, and experience. The position is eligible to participate in FM Global’s comprehensive Total Rewards program that includes an incentive plan, generous health, and well-being programs, a 401(k) and pension plan, career development opportunities, tuition reimbursement, flexible work, time off allowances and much more.

FM Global is an Equal Opportunity Employer and is committed to attracting, developing, and retaining a diverse workforce.