At Liberty Mutual, technology isn't just a part of our business, it's what drives us forward. We deliver our customers peace of mind every day by helping them protect what they value most. Our passion for placing the customer at the center of everything we do is driving a transformational shift at Liberty Mutual. Operating as a tech startup within a Fortune 100 company, we are leading a digital disruption that will redefine how people experience insurance.
GRM US is actively searching for a Principal Information Security Analyst. This candidate will receive general direction from the Information Security Manager and is competent to work at the highest level within Liberty Mutual. They will provide functional leadership in the areas of security analysis, system design, documentation, testing, implementation and support for highly complex applications. You would be directly responsible for securing projects or sub-projects of significant technical complexity. Decisions require analytical, interpretative and creative thinking that may not conform to established patterns in order to solve security problems. You may be required to be proactive or pre-emptive in taking action to minimize or prevent threats to Liberty Mutual systems, users and data. You must be an effective communicator and be able to understand highly complex technical issues with confidentiality and sensitivity to diverse audiences as appropriate.
About the job:
* Provides technical expertise and support to client, IT management and other infrastructure staff in risk assessments, implementation and operational aspects of appropriate information security procedures and controls. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes. Maintains an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations and how they will affect the LMIG environment.
* Develops systems scanning and vulnerability strategies and testing protocols to achieve compliance with set standards. Develops and oversees remediation processes.
* Participates in the evaluation, development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environment (e.g., company-wide, distributed, client server systems, and e-applications).
* Performs access control and account administration of critical information resources and design of processes to manage privileged users and user accounts.
* Consults with client and development area management or staff in the design and implementation of new or modified information security systems and operations.
* Coordinates tests and implements appropriate security methods and control.
* Facilitates teamwork process and meetings and provides training to clients or teams during implementation.
* Acts as a liaison to the product groups and Architecture & Engineering and assists them in the implementation of security technologies and applications security.
* Helps with the development of communications and related campaigns for information security awareness among all staff.
* Conduct security architectural reviews on projects, applications and initiatives that ensure that corporate security policy, standards and guidelines are adhered to.
* Perform security architecture gap analysis, identify solutions and position them in the security architecture for reuse.
* May use automated tools, utilities and visual inspection of application source code to find security weaknesses and code flaws. Educate development teams on best practices and techniques to prevent application exploitation.
* May construct written reports for application development team's findings from code reviews, penetration testing, ethical hacking and other assessments that provide clear problem definitions, proposed fix actions and mitigating controls that allow the teams to remediate the application.
* Determine significant risk points and exercise process for risk assessment and risk acceptance.
* Evaluate, test and select security tools, evaluation products and control products.
* Reviews the development, testing and implementation of security plans, products and control techniques.
* Performs related duties as assigned or requested.
* Bachelor's degree in Computer Science or a related discipline.
* Minimum 9 years of solid work experience in information security or software development and architecture
* Requires analytical ability, strong judgment and problem analysis as well as a broad knowledge of business function(s), information technologies and Information Security best practices.
* Requires highly developed communication, negotiation, presentation and consensus building skills.
* Requires a thorough knowledge of business objectives, strategies and operations to provide technical expertise and support to in-house developers and to apply appropriate information security procedures and products.
* CISSP certification, or equivalent is a plus
* Great team player requirement with a desire to have fun
We take care of our employees…
We strongly believe that a great job should keep you happy both at work and in life. That's why we offer:
* Workplace Flexibility
* Wellness Perks
* Collaborative workspaces
* Sit/stand desks
* Career development, programs and classes
* Diversity & Inclusion programs
* Commuter Benefits
* Adoption Assistance
* College Savings Plan
* Education reimbursement
* Hackathon Events