MassMutual Financial Group Digital Security and Risk Consultant in Boston, Massachusetts

Founded in 1851, MassMutual is committed to its purpose: We help people secure their future and protect the ones they love. Ranked No. 76 in the annual FORTUNE® 500 ranking (FORTUNE® Magazine, 6/15/16), MassMutual continues its long history of financial strength. We invite you to bring your bright, innovative ideas to MassMutual as we continue to help millions of Americans achieve their financial goals. We continue to be recognized for our efforts to create a diverse and inclusive workplace! MassMutual is one of DiversityInc's 2016 Top 50 Companies for Diversity and ranked a 2016 Top 10 Company for Executive Women by the National Association for Female Executives. In 2015, after more than 15 years of earning a place on the Working Mother Top 100 Best Companies list, MassMutual was inducted into the Working Mother Hall of Fame. MassMutual also scored 100 percent on The Human Rights Campaign's Corporate Equality Index (CEI) to earn a spot on the CEI Best Places to Work List (2016). In addition, MassMutual has been recognized as a World's Most Ethical Company by the Ethisphere Institute and 2016 Military Friendly Employer by Military Friendly.

For more information, visit or find us on Facebook, Twitter, LinkedIn, YouTube, Google+ and Pinterest.

MassMutual Financial Group is a marketing name for Massachusetts Mutual Life Insurance Company (MassMutual) and its affiliated companies and sales representatives. CRN201806


MassMutual is seeking a Digital Security and Risk professional with a focus on Application & Information Security & Controls to join our Information Risk Assurance Team. This role will be responsible for identifying, recommending and implementing appropriate security and control solutions in line with policies, standards and best practices. A good understanding of leading industry security trends and exposure points is a must to facilitate maintaining an appropriate security and risk posture within our digital initiatives. The right person will have a background in web and mobile security and software development as well as a strong risk and controls mindset.


• Works collaboratively as part of an agile development team, on highly visible, divisional/cross-divisional complex projects

• Sought as a key resource for resolution of unique or complex business problems

• Drives continuous improvement and efficiencies beyond own scope of responsibility

• Participate in various forums, to ensure appropriate identification of information risk and drive definition, design and implementation of control procedures to mitigate that risk

• Utilize effective organizational influence / conflict resolution, verbal and written communication, and leadership skills to communicate a risk based approach to security and control design in line with business goals and vision


Basic Job Qualifications:

• Minimum of 5 years of progressive experience in Information Security Risk and Controls definition and design.

• This role requires at least one information security, compliance, regulatory or related domain certification (CISSP, CEH, CRISC, CISA, CISM, etc.)

• BS in Computer Science or a related field is required

• Proven expertise in mitigating and addressing threat vectors including DevOps, Secure Coding (OWASP), and Information Assurance across private, public and hybrid cloud environments, including experience with technologies such as Jenkins, code repositories, Chef/Puppet

• 3+ years of experience and proven competency with regulatory mandates such as GLBA, HIPAA, PCI and SOX

• Proven competency with risk management frameworks such as ISO 27001, NIST and Cobit

• Authorized to work in the US without sponsorship now or in the future

Preferred Job Qualifications:

• Lead security & control assessments on applications, APIs and platforms

• Help ensure designs and implementations meet security best practice and defined standards

• Build and tune processes and procedures to scale security assessment for faster feedback to the team.

• Facilitate the definition, design and implementation of security and control solutions and procedures and automate where possible

• Communicate technology related policies and standards and how they should be applied within the Digital Business units to ensure risk is managed to an acceptable level and compliance achieved where it represents a significant risk to the business

• Collaborate with Architecture resources to proactively identify potential risk exposures within new digital technology solutions and partner with application development teams and core information risk services groups to design and implement appropriate control solutions and procedures to mitigate risk / exposure

• Serve as a Risk and Security Controls Consultant on projects, RFPs & internal/external requests for security specific information

• Take a lead role in conducting security research on threats and remediation techniques/technology, make recommendations to the IS/IT teams and oversee implementation

• Previous/current experience in a highly-regulated industry, or in banking or financial services, is strongly preferred

• Understanding of technologies used to collect, share, access and use personal information. This includes an understanding of identity verification, encryption and secure coding practices


• Focus on the Customer: Know your customers well; add value with a sense of urgency.

• Act with Integrity: Be trustworthy, adhere to high ethical standards and adhere to the letter and spirit of applicable laws, rules, regulations and company policies

• Value People: Lead people to success; appreciate diverse backgrounds, ideas and experiences.

• Work Collaboratively: Partner with others to achieve results that leverage the right resources

• Achieve Results: Focus on winning; consistently exceed expectations, beat the competition

MassMutual Financial Group is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply.

MassMutual provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, citizenship status, ancestry or status as a protected veteran in accordance with applicable federal, state and local law. MassMutual complies with applicable federal, state and local law governing nondiscrimination in employment in every location in which the company has facilities. EEO applies to all terms and conditions of employment, including hiring, placement, promotion, discipline, termination, leaves of absence, compensation and training. MassMutual also has affirmative action programs designed to achieve equal employment opportunity for minorities, women, individuals with disabilities and protected veterans. Human Resources is responsible for the design, implementation, communication, and monitoring of affirmative action and other equal employment opportunity programs.