Senior IT Risk and Compliance Engineer

Talcott Financial Group Ltd

Hartford, CT

JOB DETAILS
SKILLS
Alliance/Partner Marketing, Analysis Skills, Asset Management, Automation, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Science, Computer Security, Consulting, Documentation, Emerging Technology, Enterprise Protection, Environmental Impact, External Audit, Financial Services, Firewalls, Follow Through, GIAC - Global Information Assurance Certification, Genetics, ISACA (Information Systems Audit and Control Association), ISO (International Organization for Standardization), Information Technology & Information Systems, Information/Data Security (InfoSec), Insurance, Internal Audit, Internet Security, Leadership, Life Insurance, Loss Prevention, Machine Tool, Maintain Compliance, Metrics, Microsoft Product Family, Microsoft Windows Azure, Multitasking, Operational Improvement, Operations Security (OPSEC), Oracle, Organizational Skills, Presentation/Verbal Skills, Proof of Concept, Protective Services, Python Programming/Scripting Language, Regulations, Reporting Dashboards, Risk, Risk Analysis, Risk Management, Scripting (Scripting Languages), Security Analysis, Security Compliance, Security Monitoring, Security Policy, ServiceNow, State Laws and Regulations, Technical Leadership, U.S. National Institute of Standards and Technology (NIST), Use Cases, Windows PowerShell, Work From Home, Writing Skills
LOCATION
Hartford, CT
POSTED
2 days ago

Talcott Financial Group* is an international life insurance group and the industry's trusted partner for comprehensive risk solutions. Talcott creatively designs and expertly delivers responsive solutions that transfer risk and manage capital in a way that supports the strategic needs of insurers today and into the future.

Talcott Financial Group has a proven track record of well-executed transactions, and the enterprise benefits from its strong financial position with over $127 billion in assets under management, its investment-grade financial strength ratings, and its partnership with Sixth Street, a leading global investment firm.

Talcott Financial Group's two core business platforms include: U.S. based Talcott Resolution and Bermuda and Cayman based Talcott Re.

Overview:

Talcott Resolution is seeking a Senior Information Security Analyst to join our cybersecurity team at a pivotal moment in our program's maturation. Reporting directly to the Chief Information Security Officer, this role is a central force in how we govern risk, meet regulatory obligations, and build a security program that scales with our business. The selected candidate will partner across business units, IT, and senior leadership to advance our control capabilities. The position will play a key role in shaping policy, driving audit examination readiness, identifying opportunities to automate and modernize compliance processes. If you bring strong analytical instincts, clear communication, and a passion for building structure in complex environments, this role will allow you to see measurable impact and visibility. This position will work on a hybrid work arrangement in our Harford, CT office however, remote work will also be considered.

Responsibilities:

Governance & Policy:

  • Partner with business units and IT leadership to develop, maintain, and operationalize information security policies, standards, and procedures
  • Collaborate with stakeholders across the enterprise to formulate security strategies and risk reduction guidelines that align with business objectives.
  • Consult with business and technology teams on building secure processes and information systems from the ground up
  • Help evolve the security awareness program, translating technical risk into clear communication for employees at all levels within the organization

Risk Management:

  • Lead efforts with business units to assess, document, accept, and/or mitigate risk associated with enterprise-wide initiatives and third-party relationships
  • Perform detailed threat and vulnerability analysis, combining sound analytical skills with advanced knowledge of IT security risks
  • Evaluate the severity and potential impact of identified threats, translating findings into actionable recommendations for leadership and business stakeholders
  • Maintain a current understanding of the threat landscape through ongoing research into emerging risks and their potential impact on our environment
  • Lead and perform security assessments of third parties and partners, documenting findings and driving remediation

Compliance, Audit & Regulatory:

  • Serve as a key resource in preparing for internal audits, external audits, and state regulatory examinations including drafting responses, managing evidence, and tracking remediation commitments
  • Monitor ongoing compliance with information security policies and assist business units in managing exceptions to policy and standards
  • Provide oversight of managed security services, including vulnerability management, firewall operations, Security Operations Center, and data loss prevention
  • Investigate, document, and follow through on information security incidents and policy violations, ensuring appropriate resolution and lessons learned

Process Automation & Program Development:

  • Identify and implement opportunities to automate manual GRC and compliance workflows, reducing operational overhead and improving program consistency and accuracy
  • Develop metrics, dashboards, and reporting mechanisms to provide leadership clear visibility into risk posture and program health
  • Evaluate new and emerging security technologies leading proof-of-concept assessments and making recommendations to management

Qualifications:

  • Bachelor's degree in information security, Computer Science, Information Systems, or a related field.
  • Minimum of 7 years of cybersecurity experience with strong expertise in governance, risk, compliance, or audit support functions.
  • Industry-recognized certification such as CISSP, CISM, CRISC, or equivalent ISACA or GIAC credential.
  • Working knowledge of security frameworks including NIST 800-53, ISO 27001, and/or NIST CSF.
  • Demonstrated experience supporting regulatory examinations or external audits, including evidence preparation and remediation tracking.
  • Practical experience with cloud security controls (Azure, Oracle Cloud, or Microsoft 365).
  • Experience identifying and implementing process automation within GRC or compliance workflows.
  • Exceptional written and verbal communication skills, with the ability to convey technical risk clearly to non-technical audiences.
  • Strong organizational skills with the ability to manage multiple workstreams, priorities, and stakeholders simultaneously
  • Experience in the insurance or financial services industry, particularly in environments subject to state insurance department oversight is preferred
  • Familiarity with GRC platforms or security automation tooling (e.g., ServiceNow GRC, Archer, or similar) is a plus
  • Experience scripting or light automation skills (Python, PowerShell) applied to security or compliance use cases is a plus
  • Familiarity with vulnerability management programs and third-party risk assessment methodologies is preferred

Compensation:

This range represents the minimum and maximum annual base salary we reasonably expect to pay for this role at the time of posting. The actual base pay could vary and may be above or below the listed range. The base pay is based on factors including but not limited to experience, competence, and demonstration of proficiencies essential for the role. The base pay is just one component of Talcott's total annual compensation for employees. Other compensation may include annual bonuses, long-term incentives and recognition.

  • This role is not eligible for visa sponsorship. Applicants must be authorized to work in the United States on a full-time basis without current or future visa sponsorship.

Talcott Financial Group is an equal employment employer. All qualified applicants will receive consideration without regard to race, color, sex, religion, age, national origin, disability, veteran status, sexual orientation, gender identity or expression, marital status, ancestry or citizenship status, genetic information, pregnancy status or any other characteristic protected by law. Talcott Resolution maintains a drug-free workplace. For more information regarding our Privacy Policy, please go to https://talcott.com/onlineprivacypolicy/onlineprivacypolicy.html

About the Company

T

Talcott Financial Group Ltd