Principal Information Security Oversight & Assurance Analyst
Johnston, RI, United States
Factory Mutual Insurance Company
FM Global's multinational presence and capabilities allow us to provide seamless insurance solutions, services and claims response around the world.
FM Global is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM Global helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.
This is a US-based position that is eligible for remote work. Candidates must be open to periodic travel to headquarters located in Johnston, RI, dependent on business needs. Must be willing to work EST hours.
The Principal Information Security Oversight & Assurance Analyst will be an influential partner in setting direction and overseeing compliance processes within the Information Security Oversight & Assurance team. Specifically, this individual will play a key role in driving the maturation of an enhanced IT Security Controls testing program leveraging the organization’s Governance, Risk, and Compliance (GRC) platform.
The primary focus of this position will be to strengthen FM Global’s Information Security Oversight and Assurance program through security and technology controls testing, process improvement, automation, and the continuous evolution of assurance capabilities.
Working with key stakeholders across the organization (e.g., Internal Audit, Legal, etc.), this individual will support the organization’s IT Security Controls testing program and ensure that the program remains compliant with regulatory requirements. They will be responsible for developing the annual test plan, developing test cases, and conducting testing of key security and technology controls in accordance with regulatory requirements. They will lead multiple meetings with business and IT partners (e.g., kick-off meetings, process walkthroughs, delivery of results, etc.), working to develop key relationships while assessing adherence to applicable regulatory requirements and internal controls. As a senior member of the team, they will provide guidance and direction to other team members, business representatives, and technical resources on security compliance requirements. In addition, they will work with key stakeholders to drive continuous improvement in the IT control environment by helping to identify and report on control weaknesses throughout the organization.
As a core user of the GRC platform, this individual will also be responsible for managing and maintaining the core modules that support the Oversight and Assurance team. This includes the design and implementation of new workflows, forms, and reports as needed. This individual will also be responsible for ensuring that the information within the GRC remains current with changes in regulatory requirements and compliance standards.
8 years of experience in information technology and 5 years of experience in IT Audit, security risk management, IT controls testing, or related security disciplines required.
Experience with MAR, Sarbanes-Oxley Act, and PCAOB auditing standards is preferred.
Knowledge and experience with Governance, Risk, and Compliance (GRC) applications as well as cybersecurity frameworks and regulations (e.g., NIST CSF, CIS, NYCRR 500, etc.)
Able to operate with a high degree of independence with regard to project management activities, including development of project plans and resource estimates.
Excellent communication and presentation skills.
Demonstrated ability to work collaboratively with technical experts, business managers, and senior leadership.
Ability to understand security risk, compliance, and technical issues and translate them into meaningful business and risk guidance and recommendations.
Cyber / information security / risk professional with the ability to think in terms of the risk rather than compliance, and risk improvement objectives rather than strict security requirements.
Strong relationship building, influencing, and consultation skills; demonstrated ability to establish and maintain positive work relationships with peers, management, and key stakeholders.
4 Year College Degree in Information Technology, Audit, Risk, Computer Science or closely related discipline or equivalent work experience.
Preferred Certifications or willingness to obtain: CISA, CISM, or CIA
The final salary offer will vary based on geographic location, individual education, skills, and experience. The position is eligible to participate in FM Global’s comprehensive Total Rewards program that includes an incentive plan, generous health and well-being programs, a 401(k) and pension plan, career development opportunities, tuition reimbursement, flexible work, time off allowances and much more.
FM Global is an Equal Opportunity Employer and is committed to attracting, developing, and retaining a diverse workforce.