Manager Information Security - IS07CE
We’re determined to make a difference and are proud to be an insurance company that goes well beyond coverages and policies. Working here means having every opportunity to achieve your goals – and to help others accomplish theirs, too. Join our team as we help shape the future.
We are seeking an experienced Technology Risk Manager with expertise in Cybersecurity and Vulnerability Management to oversee and mature our First Line Technology Risk program. This role will serve as a key risk partner to Technology, Cybersecurity, and Governance teams, ensuring security risks are identified and prioritized in alignment with the organization’s risk appetite. The ideal candidate brings a strong background in formal risk management, executive‑level communication, and cross‑functional partnership across the three lines of defense. Insurance or financial services experience is highly desirable.
Why Join Us?
This role offers the opportunity to shape and influence enterprise‑wide cybersecurity risk outcomes, partner with senior leaders, and play a critical role in protecting the organization while enabling business and technology innovation.
Key Responsibilities
- Oversee the enterprise Vulnerability Management Risk Program, ensuring effective governance, prioritization, and risk‑based decision‑making
- Partner with technology and cybersecurity owners to review findings, validate risk severity, develop remediation plans, and manage risk acceptances
- Track, analyze, and report key risk indicators (KRIs), metrics, and trends, delivering clear, actionable insights to senior leadership and executive stakeholders
- Ensure cybersecurity risk management practices align with industry frameworks and regulatory expectations (e.g., NIST, ISO, FAIR, COBIT)
- Act as a liaison to 2nd line (Enterprise Risk Management, Compliance) and 3rd line (Internal Audit) teams, supporting risk assessments, exams, and audits
- Drive continuous improvement of risk processes, tooling, metrics, and governance to enhance cybersecurity risk posture
- Support risk‑based decision making by facilitating risk acceptances, exceptions, and remediation timelines in alignment with risk appetite
This role will have a Hybrid work schedule, with the expectation of working in an office (Columbus, OH or Hartford, CT) 3 days a week (Tuesday through Thursday).
Required Qualifications
- 5+ years of formal Technology Risk or Cybersecurity Risk Management experience
- Strong background in Cybersecurity and Vulnerability Management, including vulnerability lifecycle management and risk prioritization
- Strong understanding of controls and risks aligned to Identity and Access Management, Cyber Operations, Data security, Cloud Security, and Gen AI Security
- Demonstrated experience partnering with technology, infrastructure, application, and cloud teams
- Proven ability to communicate complex technical risk concepts to non‑technical and executive audiences
- Experience developing and reporting risk metrics, dashboards, and executive‑level reporting
- Solid understanding of risk management frameworks and standards (e.g., NIST CSF, NIST 800‑53, ISO 27001, FAIR, COBIT)
- Experience operating within a three lines of defense model
- Strong leadership, influence, and stakeholder management skills
Preferred Qualifications
- Insurance industry or broader financial services experience
- Prior experience supporting regulatory exams, internal audits, and external assessments
- Experience leveraging automation and AI to improve cyber risk management processes, including risk identification, assessment, monitoring, and reporting.
- Familiarity with vulnerability scanning tools and risk governance platforms
- Experience with risk frameworks and formal risk documentation
- Relevant certifications such as CISSP, CISM, CRISC, or CISA
- Experience operating in large, complex, or highly regulated enterprise environments
Candidate must be authorized to work in the US without company sponsorship. The company will not support the STEM OPT I-983 Training Plan endorsement for this position.
Compensation
The listed annualized base pay range is primarily based on analysis of similar positions in the external market. Actual base pay could vary and may be above or below the listed range based on factors including but not limited to performance, proficiency and demonstration of competencies required for the role. The base pay is just one component of The Hartford’s total compensation package for employees. Other rewards may include short-term or annual bonuses, long-term incentives, and on-the-spot recognition. The annualized base pay range for this role is:
$126,800 - $190,200
Equal Opportunity Employer/Sex/Race/Color/Veterans/Disability/Sexual Orientation/Gender Identity or Expression/Religion/Age
About Us | Our Culture | What It’s Like to Work Here | Perks & Benefits