Senior IT Risk and Compliance Engineer
Overview
Talcott Resolution is seeking a Senior Information Security Analyst to join our cybersecurity team at a pivotal moment in our program’s maturation.
Responsibilities
Partner with business units and IT leadership to develop, maintain, and operationalize information security policies, standards, and procedures
Collaborate with stakeholders across the enterprise to formulate security strategies and risk reduction guidelines that align with business objectives
Consult with business and technology teams on building secure processes and information systems from the ground up
Help evolve the security awareness program, translating technical risk into clear communication for employees at all levels within the organization
Lead efforts with business units to assess, document, accept, and/or mitigate risk associated with enterprise-wide initiatives and third-party relationships
Perform detailed threat and vulnerability analysis, combining sound analytical skills with advanced knowledge of IT security risks
Evaluate the severity and potential impact of identified threats, translating findings into actionable recommendations for leadership and business stakeholders
Lead and perform security assessments of third parties and partners, documenting findings and driving remediation
Serve as a key resource in preparing for internal audits, external audits, and state regulatory examinations including drafting responses, managing evidence, and tracking remediation commitments
Maintain a current understanding of the threat landscape through ongoing research into emerging risks and their potential impact on our environment
Monitor ongoing compliance with information security policies and assist business units in managing exceptions to policy and standards
Identify and implement opportunities to automate manual GRC and compliance workflows, reducing operational overhead and improving program consistency and accuracy
Develop metrics, dashboards, and reporting mechanisms to provide leadership clear visibility into risk posture and program health
Evaluate new and emerging security technologies leading proof-of-concept assessments and making recommendations to management
Qualifications
Bachelor’s degree in information security, Computer Science, Information Systems, or a related field
Minimum of 7 years of cybersecurity experience with strong expertise in governance, risk, compliance, or audit support functions
Industry-recognized certification such as CISSP, CISM, CRISC, or equivalent ISACA or GIAC credential
Practical experience with cloud security controls (Azure, Oracle Cloud, or Microsoft 365)
Demonstrated experience supporting regulatory examinations or external audits, including evidence preparation and remediation tracking
Exceptional written and verbal communication skills, with the ability to convey technical risk clearly to non-technical audiences
Strong organizational skills with the ability to manage multiple workstreams, priorities, and stakeholders simultaneously
Experience in the insurance or financial services industry, particularly in environments subject to state insurance department oversight is preferred
Familiarity with GRC platforms or security automation tooling (e.g., ServiceNow GRC, Archer, or similar)
Experience scripting or light automation skills (Python, PowerShell) applied to security or compliance use cases
Familiarity with vulnerability management programs and third-party risk assessment methodologies