IT Security Director

Job Summary

Provide IT Security, Disaster/ Recovery, Risk Management, Compliance and Regulatory consulting assistance to both IT and the Nassau user community. Assist in developing a collaborative working relationship with Corporate Audit, external audit (PwC), and insurance & investment regulators. Provide direction to the evaluation of IT General Computer controls, and the implementation of those deemed appropriate for the protection of the general Nassau IT network and processing environment

Principal Duties and Responsibilities

• Provide IT Risk Management, Security and D/R consulting to IT and business teams.
• Conduct risk assessments, compliance, and control reviews for the IT organization and Enterprise.
• Participate and assist in the performance of self-assessments, third party reviews and due diligence associated with the storage, transmission or processing of Nassau and customer data.
• Assist in the production of management reports and presentations that inform management as to the state of information risk, audit and regulatory compliance.
• Assist in the coordination, evaluation, response, and implementation of IT audits recommendations, and regulatory reviews.
• Assist in establishing and maintaining collaborative working relationships with the risk management, audit, compliance and legal groups.
• Participate, assist and collaborate with the Nassau Business Continuity Planning team in the planning of BCPDR exercises that aim to ensure the timely restoration and recovery of designated Nassau systems in the event of a man-made or natural disaster.
• Assist in the development, implementation and publication of relevant IT Security, D/R and Compliance policies and procedures.
• Working with IT Architecture and Risk Management, assist in the development and implementation of efficient IT security administration procedures that take advantage of roles based access, automated provisioning and identity management.
• Assist in the monitoring of Service Level Agreements in the areas of IT Security and D/R operational deliverables.
• Perform other duties as assigned

Knowledge, Skills and Abilities

• Bachelor’s Degree and certifications (e.g. CISA  or CISM or CISSP) preferred. 
• 8 – 10 years of IT experience.
• Familiarity with IT General Computer controls, Sarbanes-Oxley-404, IT Security key controls and tools (e.g. RACF, VRA, AD, etc.), Risk Assessments and Disaster Recovery practices.
• Communicates well up, down and across the organization.
• Strong project management skills - Possesses proficiency in project integration by overseeing & directing multi-functional and complex projects having a significant business impact to the IT organization and broader Enterprise.
• Strong problem solving and analytical capabilities
• Strong influencing and negotiation skills

Visit our Careers page and apply online at http://www.nfg.com/.

Based in Hartford, Connecticut, Nassau Financial Group is a growth focused and digitally enabled financial services company with a fully integrated platform across insurance and asset management. Nassau was founded in 2015 and has grown to $1.6 billion in total adjusted capital, $24.8 billion in assets under management, and 370,000 policies and contracts as of September 30, 2024.

As part of a young and growing financial services enterprise, our employees are tapping into a new entrepreneurial spirit while they build on a long track record of putting customers first, understanding the evolving income and protection needs, and developing quality products to meet those needs.

Nassau provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.