MassMutual Financial Group Business Information Security Officer in Springfield, Massachusetts

Since 1851, MassMutual’s commitment has always been to help people protect their families, support their communities, and help one another. This is why we want to inspire people to Live Mutual. We’re people helping people.

A career with us means you will work alongside exceptional people and be empowered to reach your professional and personal goals. Our employees are the foundation of what makes MassMutual a strong, stable and ethical business. We seek and value unique and varied perspectives and experiences because we believe we are stronger when all voices are heard. We invite you to bring your bright, innovative ideas to MassMutual as we continue to help millions of Americans rely on each other.

Together, we’re stronger.

Description

​​

Position Summary:

Provide state-of-the-art technical expertise and support to in-house developers to apply appropriate information security procedures and products. Provide technical expertise and support to clients, IT management and staff in risk assessments and the implementation and operation of appropriate information security procedures and products. Design, evaluate, test and implement appropriate security methods and control techniques such as firewalls, intrusion detection software, data encryption, data backup and recovery. Maintain an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations pertaining to information security and data privacy.

Responsibilities:

  • Identification of Risk – Quantify, summarize and report out on the overall risk posture of the LOB

  • Prioritization of Risk – Contribute to the overall security strategy and prioritization of LOB security efforts

  • Approve Risk Remediation Planning and Execution for aligned LOBs

  • Provide Guidance on the applicable security requirements(including nonfunctional) for projects and changes

  • Approve applicable security requirements (including nonfunctional) via controls assurance reporting for projects and changes

  • Collaborate within EIRM and with other control groups (Audit, Compliance, Enterprise Risk Management, Legal and Privacy) on information security risk issues and strategies

  • Identify areas of concern for targeted risk identification (Risk Hunting) assessments including technology, business process, project management and change management.

  • Participate in the development or revision of IT Policy and Standards and communicate and socialize with key stakeholders any impacts and necessary updates and changes

  • Approve mitigation strategy & implementation via controls assurance reporting

  • Guide and understand the Enterprise and Ops Top Risks Identification Process for MMT (MassMutual Technology). Note that this function is performed by the enterprise BISO who is responsible for aggregating input from BISOs assigned to lines of business and other EIRM towers.

  • Compare Enterprise Top Risks to Line of Business (LOB) risk landscape for any LOB security posture gaps

  • Serves as an Information Risk Security subject matter expert and participates in the development, implementation and maintenance of information security plan for the line of business (LOB)

  • Provide guidance and advocacy regarding the prioritization of LOB investments that impact information security risk

  • Contribute to the ongoing global information security initiatives and improvements

  • Communicate EIRM global capabilities / trends, work efforts and roadmap to CIOs/CTOs, Affiliates, and business leadership

  • Control design feedback loop (enterprise) (in Information Risk Governance and Ops Office)

  • Control design feedback loop (technical or tactical) (in Program Delivery Office)

  • Control design feedback loop with IT solution architect(s) and EIRM Solution Strategist

  • Help with analysis on measuring number of exceptions to standards and opportunities to change standards based on the volume of exception processing

Basic Qualifications:

  • Eight years of experience in information security and risk management – Guiding all aspects risk identification, synthesis, quantification and demonstrated sound risk remediation strategies

  • Strong subject matter expertise with industry standard information security authoritative sources e.g. COBIT, ISO , NIST and associated controls

  • Has a deep understanding of Information security for computing platforms

  • Ability to deal with the ambiguity associated with working in a fast paced and changing environment

  • Demonstrated success with developing a risk-aware culture through partnership with peer technology teams and supported LOB(s)

  • Proficient problem-solving skills using data analytics and risk quantification – FAIR risk analysis experience or equivalent preferred

  • Demonstrated success in guiding, and influencing sound risk and security remediation strategies aligned with core business objectives and risk appetite

  • Strong leadership qualities and business acumen able to deal with all levels of the organization

  • Sound business judgment and decision making skills

  • Able to drive and influence organizational change

  • Strong communication an interpersonal skills

  • Strong collaboration skills

  • Authorized to work in the U.S. without sponsorship now or in the future

Preferred Qualifications:

  • Energetic self-starter

  • Information security engineering and architecture a plus

  • Experience or knowledge in life insurance and/or financial services products and services

  • Ability to translate information security and technical controls into Business terms that are easily understood

Ranked No. 93 in the annual FORTUNE ® 500 Ranking (FORTUNE ® Magazine, June 2018) and recognized as a World’s Most Ethical Company by Ethisphere, MassMutual is guided by a single purpose: We help people secure their future and protect the ones they love. As a company owned by our policyowners, we are defined by mutuality and our vision to put customers first. It’s more than our company structure – it’s our way of life. We are a company of people protecting people. Our company exists because people are willing to share risk and resources, and rely on each other when it counts. At MassMutual, we Live Mutual.

CORE VALUES

Focus on the Customer: We understand our customers well and look for every opportunity to deliver an experience that is clear, easy, personal, human, empowering and trustworthy.

Act with Integrity: We deliver on our promises by being open, honest and humble and by adhering to the letter and spirit of applicable laws, rules, regulations and company policies.

Value People: We respect and learn from each other’s diverse backgrounds, experiences and ideas. We engage and develop people to their greatest potential.

Work Collaboratively: We work together to achieve results by actively listening, seeking, understanding and creating solutions as a unified team driving toward one company, one culture, one brand.

Achieve Results: We focus on winning by exceeding expectations and getting better – everyone, every day.

For more information, visit www.massmutual.com or find us on Facebook, Twitter, LinkedIn, YouTube, Google+, Instagram and Pinterest.

MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.

At MassMutual, we’re fostering an inclusive and dynamic environment where our employees are valued for who they are and can build successful careers. For us, diversity and inclusion is more than a goal, it’s the only way forward.

• 100% rating on the Human Rights Campaign Corporate Equality Index (2018)

• National Association for Female Executives Top Company for Executive Women (2018)

• Disability Equality Index® (DEI) Best Place to Work for Disability inclusion (2018)

• Working Mother Media 100 Best Company (2017)

• Military Friendly Employer (2018)