Back to jobs
Talcott Financial Group

Senior IT Risk and Compliance Engineer

Hartford, CT, USPosted Yesterday
onsite

Job Description

Overview:   Talcott Resolution is seeking a Senior Information Security Analyst to join our cybersecurity team at a pivotal moment in our program’s maturation. Reporting directly to the Chief Information Security Officer, this role is a central force in how we govern risk, meet regulatory obligations, and build a security program that scales with our business. The selected candidate will partner across business units, IT, and senior leadership to advance our control capabilities. The position will play a key role in shaping policy, driving audit examination readiness, identifying opportunities to automate and modernize compliance processes. If you bring strong analytical instincts, clear communication, and a passion for building structure in complex environments, this role will allow you to see measurable impact and visibility. This position will work on a hybrid work arrangement in our Harford, CT office however, remote work will also be considered.   Responsibilities:   Governance & Policy: Partner with business units and IT leadership to develop, maintain, and operationalize information security policies, standards, and procedures Collaborate with stakeholders across the enterprise to formulate security strategies and risk reduction guidelines that align with business objectives. Consult with business and technology teams on building secure processes and information systems from the ground up Help evolve the security awareness program, translating technical risk into clear communication for employees at all levels within the organization   Risk Management: Lead efforts with business units to assess, document, accept, and/or mitigate risk associated with enterprise-wide initiatives and third-party relationships Perform detailed threat and vulnerability analysis, combining sound analytical skills with advanced knowledge of IT security risks Evaluate the severity and potential impact of identified threats, translating findings into actionable recommendations for leadership and business stakeholders Maintain a current understanding of the threat landscape through ongoing research into emerging risks and their potential impact on our environment Lead and perform security assessments of third parties and partners, documenting findings and driving remediation   Compliance, Audit & Regulatory: Serve as a key resource in preparing for internal audits, external audits, and state regulatory examinations including drafting responses, managing evidence, and tracking remediation commitments Monitor ongoing compliance with information security policies and assist business units in managing exceptions to policy and standards Provide oversight of managed security services, including vulnerability management, firewall operations, Security Operations Center, and data loss prevention Investigate, document, and follow through on information security incidents and policy violations, ensuring appropriate resolution and lessons learned   Process Automation & Program Development: Identify and implement opportunities to automate manual GRC and compliance workflows, reducing operational overhead and improving program consistency and accuracy Develop metrics, dashboards, and reporting mechanisms to provide leadership clear visibility into risk posture and program health Evaluate new and emerging security technologies leading proof-of-concept assessments and making recommendations to management   Qualifications:   Bachelor’s degree in information security, Computer Science, Information Systems, or a related field. Minimum of 7 years of cybersecurity experience with strong expertise in governance, risk, compliance, or audit support functions. Industry-recognized certification such as CISSP, CISM, CRISC, or equivalent ISACA or GIAC credential. Working knowledge of security frameworks including NIST 800-53, ISO 27001, and/or NIST CSF. Demonstrated experience supporting regulatory examinations or external audits, including evidence preparation and remediation tracking. Practical experience with cloud security controls (Azure, Oracle Cloud, or Microsoft 365). Experience identifying and implementing process automation within GRC or compliance workflows. Exceptional written and verbal communication skills, with the ability to convey technical risk clearly to non-technical audiences. Strong organizational skills with the ability to manage multiple workstreams, priorities, and stakeholders simultaneously Experience in the insurance or financial services industry, particularly in environments subject to state insurance department oversight is preferred Familiarity with GRC platforms or security automation tooling (e.g., ServiceNow GRC, Archer, or similar) is a plus Experience scripting or light automation skills (Python, PowerShell) applied to security or compliance use cases is a plus Familiarity with vulnerability management programs and third-party risk assessment methodologies is preferred
Senior IT Risk and Compliance Engineer at Talcott Financial Group | Renata