Information Security Specialist

We’re determined to make a difference and are proud to be an insurance company that goes well beyond coverages and policies. Working here means having every opportunity to achieve your goals – and to help others accomplish theirs, too. Join our team as we help shape the future.

The Hartford’s Information Protection (THIP) organization is looking for a talented Information Security Specialist to join a high-performing team of cutting-edge cyber professionals. Our Business Security and Governance team provides direct support to our business areas by delivering valued consulting services for security requirements, vendor security assessments, contract reviews, customer inquiry responses and ad-hoc security consulting requests. These security personnel are responsible for governing, managing and delivering on The Hartford’s cybersecurity practices.

The Information Security Specialist will help to support the direction of our company’s cyber security programs thru, professional support and technical expertise.  The individual shall be aware of basic industry standards such as NIST and ISO, ability to understand government regulations and track emerging cyber threats. In addition, this individual will have a general knowledge regarding security domains such as multifactor authentication, network security and third-party risk Specialist will interface with business segments and vendor partners to understand the services and perform detailed reviews of the security practices of the vendor through questionnaires, interviews, and supporting material. This work culminates with the communication of findings and recommendations based on a risk assessment which balances business priorities against security needs and requirements of the company.

RESPONSIBILITIES:

• Support vendor oversight and monitoring programs to identify emerging risks.
• Perform third-Party Security Assessments to evaluate the security practices and programs to protect The Hartford’s interests.
• Support business areas in responding to customer inquiries regarding The Hartford’s information security policies, programs and practices.
• Approve remote access requests for vendor resources, based on diligence performed to ensure appropriate security protocols.
• Respond to ad-hoc technical security consulting requests, including at times supporting teammates with security-related projects and support services.
• Maintain awareness of existing and proposed security standards for state/federal regulations regarding information security and data privacy.
• Identify and assesses the technical severity and potential business impacts to classify risks.
• Communicate post risk assessment findings to internal stakeholders Information Security concepts in a way that consistently drives objective, fact-based decisions.
• Participate phishing email reviews and assist in security awareness activities.

Candidate must be authorized to work in the US without company sponsorship. The company will not support the STEM OPT I-983 Training Plan endorsement for this position.

QUALIFICATIONS:

• Bachelor of Science Degree in Engineering, Computer Science, Information Security, or a related field.
• 2-5 years of work experience in Information Security or a closely related function such as threat management, IT Risk, IT Audit, IT Compliance, etc.
• Knowledge of regulatory compliance and information security management frameworks, including NIST CSF, NIST 800 series, ISO 2700 series, COBIT, etc.
• Experience with risk assessment frameworks, including the BITS Shared Assessments program, Cloud Security Alliance (CSA), and other benchmark approaches.
• Understanding of cloud concepts, including primary cloud service models.
• General understanding of technical and non-technical controls with the ability to assess third parties and determine risks.
• Strong organizational skills with the ability to multi-task on projects with shifting priorities.
• A process-oriented mindset with a professional demeanor and customer-focused approach.
• Effective decision-making capabilities with the ability to weigh the cost-benefit of potential actions or decisions.
• Excellent written and verbal communication skills.
• Interest in continuous learning with willingness to pursue industry security certifications such as CISSP, CISM, CISA, CRISC, CIPP, CDPSE within the first year of employment.

This role will have a Hybrid work schedule, with the expectation of working in an office (Columbus, OH, Chicago, IL, Hartford, CT or Charlotte, NC) 3 days a week (Tuesday through Thursday). This role is not eligible for fully remote schedule.

Compensation

The listed annualized base pay range is primarily based on analysis of similar positions in the external market. Actual base pay could vary and may be above or below the listed range based on factors including but not limited to performance, proficiency and demonstration of competencies required for the role. The base pay is just one component of The Hartford’s total compensation package for employees. Other rewards may include short-term or annual bonuses, long-term incentives, and on-the-spot recognition. The annualized base pay range for this role is:

Equal Opportunity Employer/Sex/Race/Color/Veterans/Disability/Sexual Orientation/Gender Identity or Expression/Religion/Age

About Us | Culture & Employee Insights | Diversity, Equity and Inclusion | Benefits