Director IT Risk Management

  • Company: The Hartford
  • Location: Charlotte, North Carolina
  • Posted: October 20, 2017
  • Reference ID: 1702707
As a company in business for more than 200 years, we understand what it means to be sustainable. We have helped people and businesses prepare for the unexpected, protect what is uniquely important to them, and prevail through life's challenges and opportunities. We do this by delivering industry-leading property and casualty insurance, group benefits and mutual funds to our customers, creating a diverse and inclusive culture for our employees, financial performance for our shareholders, and by engaging with and serving the communities in which we work and live.

IT Risk Management is part of Enterprise Risk Management and serves as the second line of defense for cyber risk. This role will partner and work closely with the information security organization, technology/application areas, and internal audit to provide effective challenge and orchestrate the development of KPIs to measure the cyber security program. As a Director, IT Risk Management, you will have the opportunity to impact the direction of The Hartford's cyber security programs by providing thought leadership, professional support and valued contributions to a range of activities. We are looking for an experienced IT security professional who has a breadth of knowledge and skills across various security domains, an understanding of industry best practices, and an awareness of emerging cyber threats and trends.

The ideal candidate will be a cyber security expert with a deep technical understanding of IT/cyber related risks and technologies, strong communication/influencing skills and the expertise to join the team and immediately make meaningful contributions.

• Assess and provide effective challenge to the cyber security program

• Collaborate with the first-line organization to develop the control environment and report KPIs which measure the effectiveness of the program

• Execute annual cyber risk assessment and manage outside consultants in the execution of penetration testing, red team exercises and validation of cyber response protocols.

• Document and evaluate current state risk management processes and capabilities within the Cyber security Risk team and identify improvements to enhance risk practices.

• Reviews the design, development, testing and implementation of appropriate IT security plans, products, firewalls and other access control techniques.

• Participates in the establishment and implementation of the firm's information security policy. Reviews the development, testing and implementation of appropriate security plans, products and control techniques. Identifies emerging vulnerabilities, evaluates associated risks and threats and provides countermeasures where necessary.

• Maintains contact with industry security standard setting groups, and an awareness of State and Federal legislation and regulations pertaining to data privacy and information security. Proposes changes in firm-wide security policy when necessary.

• May have supervisory responsibility in instructing, assigning, directing and checking the work of the resources within their section/department.

• Supports risk management by tracking and making senior IT leaders aware of the effectiveness and maturation of their general IT control environment.

• Tracks the ongoing progress against open control issues, including those identified by Internal Audit, external examinations and various other risk identification measures.


  • Bachelor's degree or equivalent work experience
  • At least 5 years of information security experience
  • CISSP, CISM or other relevant security certifications a plus
  • Broad knowledge and background in security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination of education and work experience.
  • Solid understanding of vulnerability assessment/management and cyber threat hunting
  • Requires excellent communication skills, analytical ability, strong judgment and management skills, and the ability to work effectively with CISO, IT management, staff, vendors and consultants.
  • Broad IT background with experience in implementing large-scale programs that involve matrixed organizations.
Behaviors at The Hartford
• Deliver Outcomes - Demonstrate a bias for speed and execution that serves our shareholders and customers.
• Operate as a Team Player - Work together to drive solutions for the good of The Hartford.
• Build Strong Partnerships - Demonstrate integrity and build trust with others.
• Strive for Excellence - Motivate yourself and others to achieve high standards and continuously improve.

Visit our website to learn about The Hartford's recognition. Information about the company and its product offerings is available at


Equal Opportunity Employer / Females / Minorities / Veterans / Disability / Sexual Orientation / Gender Identity or Expression / Religion / Age

