Information Risk Management Director - Corporate S

About the Client:

$10 billion firm. US headquartered.

  • Salary in the $180,000 range + bonus and restricted stock 
  • Comprehensive Benefit and Retirement Programs. 
  • Local candidates preferred.
  • Client will consider a non-local candidate only if they have very strong ties to the position location and are committed to moving.
  • This is a direct hire role.

Location:  Hartford, CT

This Position Involves the Following Responsibilities:

The position handles end-to-end ownership of the Information Security life cycle within the business unit. The role will position this individual as the trusted advisor to both senior management within the Insurance vertical as well as to a wide spectrum of respective client CSOs. The individual will be entrusted with ensuring that all aspects of Information Security, spanning across complex technology solutions, are developed in accordance with contractual requirements as well as key regulatory considerations.

  • Serve as the lead IRM for an almost $2 Billion Insurance Line of Business. 
  • Play a key leadership role in the overall development and management of a companywide Information Risk Management strategy for the Insurance Services sector. 
  • Develop an Information Risk Management Framework/ Strategy for the insurance vertical in collaboration with an overseas peer of insurance information risk management.  

Who Will Be a Great Fit?  

  • Must have strong experience in information security within the Insurance Sector, including management experience. 
  • Knowledge and working expertise of PCI, state and federal guidelines on privacy, transactions and security. Knowledge of Financial security compliance regulations (PCI, FFIEC, GLBA, etc.). 
  • In-depth understanding of network and system security technology and practices across all major-computing areas (mainframe, client/server, PC/LAN, telephony) with a special emphasis on Internet related technology. 
  • Experience in understanding and deploying risk management frameworks 
  • Strong working knowledge of FFIEC/NIST/PCI Security laws, Standards, rules and regulations while administering overall PCI security program for the client engagement 
  • Deep insight into best-practice standards such as ISO 27001, NIST and PCI is required.
  • Expertise and success with implementing security architecture and strategies, delivering consulting security solutions for the engagement emphasized by the customer 
  • Establishing, communicating, and maintaining a charter for the security management function for the engagement 
  • Expertise and success in a role leading and collaborating directly with senior management, delivery, practice development and thought leadership related to Information Security solution development, assessment and implementation 
  • Security certifications desired such as CISA, CISSP, CISM, CRISC, etc.
  • Certified PCI-ISA

Demonstrates proven expertise and success managing project work streams in a system security, controls or information security management environment, specifically in the following information security domains:

  1. Security Architecture and Strategy (Integrated Risk Management) 
  2. Identity & Access Management 
  3. Data Leakage Prevention; Focus on Data Flow, Encryption 
  4. Large Complex Program Execution/Implementation 
  5. Security Function Design and Governance 
  6. Incident Management 
  7. Security Infrastructure 

email us directly to: