Senior Information Security Architect (REMOTE)
The Hanover Insurance Group
Senior Information Security Architect (HYBRID MA OR CT)
For more than 170 years, The Hanover has been committed to delivering on our promises and being there when it matters the most. We live our values every day, demonstrating we CARE through our values, ESG initiatives and IDE journey.
Our Information Security team is currently seeking a Senior Information Security Architect in our Worcester, MA or Windsor, CT offices with a hybrid flex work arrangement.
This is a full time, exempt role.
The Information Security Architecture Job Family is accountable for developing a sound, pragmatic and contemporary Information Security program focused on current and emergent business needs within the context of, and to advance, the conformance to established information security policy and standards. This includes positioning products and solutions on a formal security capability map used in part to drive an evolving view of the security roadmap.
You will work with the Enterprise and Solutions Architects, BISOs and EIRM Global Business leads for strategic direction (both conforming to and helping to define) and plays a key role as a growth/innovation driver and advocate for good design where: The work focuses on the overall architecture, design, build, and integration of security solutions or platforms spanning multiple security / technical and/or business capability domains with cost / strategic implications as a primary driver.
IN THIS ROLE, YOU WILL:
- Participate in business strategy development supporting market pursuit and ‘what-if’ scenario analysis
- Aid in development of the IT Portfolio coordinating functional and non-functional requirements with the direction and future state of parallel security initiatives
- Governance gatekeeping on major releases – you will be empowered to stop and force escalation of initiatives that are out of line with risk tolerance
- Risk Program influence on taxonomy, risk statement standardization and risk quantification
- Identify business objectives, goals and strategy
- Identify business attributes that are required to achieve those goals
- Identify all the risk associated with the attributes that can prevent a business from achieving its goals
- Identify the required controls to manage the risk
- Define a program to design and implement those controls
- Strategy and roadmap cost estimates
- Participates in risk register statement analyses and threat assessments as part of the Information Risk Management lifecycle.
- Collects, analyzes, and summarizes information risk & security data and trends.
- Informs the evolution of non-functional security requirements and control procedures in line with policies & standards and line of business objectives
- Plans security systems and controls by evaluating data, application, network, system security technologies.
- Establishing Secure Technology Patterns
- Ensures PKI, certificate authorities (CAs) and digital signatures are in place adhering to industry standards and brand protection
- Partners with Business Information Risk Officers, Business leads and Technology work Cells to verify plan technology implementation and quality assurance
- Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
- Serve as a primary advisor to management of the overall threat landscape utilizing existing tools to be an expert on the environmental weaknesses and risk. Will formulate reporting methods and information to advise and recommend actions to management
- Write analytical reports, documents results, and makes recommendations
- Proactively involved in developing threat detection analytic needs
- There is an on-call rotation that requires 24/7 availability to respond to incidents, however, there might be instances where 24/7 availability is required from all team members as the need arises.
WHAT YOU NEED TO APPLY:
- 8+ years of experience in information security systems architecture, controls design and implementation.
- Strong subject matter expertise with industry standard information security authoritative sources e.g. COBIT, ISO, NIST and associated architecture control and design methodologies
- Has a deep understanding of Information security for computing platforms
- Ability to deal with the ambiguity associated with working in a fast paced and changing environment
- Demonstrated success with developing a risk-aware culture through partnership with peer technology teams and supported LOB(s)
- Proficient problem-solving skills using data analytics and risk quantification – FAIR risk analysis experience or equivalent preferred
- Threat Modeling within the secure software development lifecycle
- Demonstrated success in guiding, and influencing sound risk and security remediation strategies aligned with core business objectives and risk appetite
- Strong leadership qualities and business acumen able to deal with all levels of the organization
- Sound business judgment and decision-making skills
- Able to drive and influence organizational change
- Communication to Executive Audiences
- Representation of the brand to external organizations
- Strong communication an interpersonal skill
- Strong collaboration skills
- Energetic self-starter
- Mentor of Security Architects
- Methodology Leadership
- Experience or knowledge in life insurance and/or financial services products and services
- Ability to translate information security and technical controls into Business terms that are easily understood
- Ability to read network and system architecture diagrams to determine risk and recommend actions
- Exposure to at least one common code language used by applications developed by the company.
- Ability to solve intellectual problems of substantial variety and complexity using originality and ingenuity.
- Bachelor’s degree in information security/technology or associated discipline
Requiring some combination of the following certifications or others as appropriate:
- Security +
It’s not just a job, it’s a career, and we are here to support you every step of the way. We want you to be successful and fulfilled. Through on-the-job experiences, personalized coaching and our robust learning and development programs, we encourage you – at every level – to grow and develop.
We offer comprehensive benefits to help you be healthy, build financial security, and balance work and home life. At The Hanover, you’ll enjoy what you do and have the support you need to succeed.
- Medical, dental, vision, life, and disability insurance
- 401K with a company match
- Tuition reimbursement
- Company paid holidays
- Flexible work arrangements
- Cultural Awareness Day in support of IDE
- On-site medical/wellness center (Worcester only)
- Click here for the full list of Benefits
The Hanover values diversity in the workplace and among our customers. The company provides equal opportunity for employment and promotion to all qualified employees and applicants on the basis of experience, training, education, and ability to do the available work without regard to race, religion, color, age, sex/gender, sexual orientation, national origin, gender identity, disability, marital status, veteran status, genetic information, ancestry or any other status protected by law.
Furthermore, The Hanover Insurance Group is committed to providing an equal opportunity workplace that is free of discrimination and harassment based on national origin, race, color, religion, gender, ancestry, age, sexual orientation, gender identity, disability, marital status, veteran status, genetic information or any other status protected by law.”
As an equal opportunity employer, Hanover does not discriminate against qualified individuals with disabilities. Individuals with disabilities who wish to request a reasonable accommodation to participate in the job application or interview process, or to perform essential job functions, should contact us at: HRServices@hanover.com and include the link of the job posting in which you are interested.
Applicants who are California residents: To see the types of information we may collect from applicants and employees and how we use it, please click here.
- Job Function Information Technology
- Pay Type Salary
- Required Education Bachelor’s Degree