Senior IT Risk and Compliance Engineer
Hartford, Hartford County, Connecticut, 06112, USA
Listed on 2026-07-14
-
IT/Tech
Cybersecurity, Information Security, Data Security, IT Consultant
Overview
Talcott Resolution is seeking a Senior Information Security Analyst to join our cybersecurity team at a pivotal moment in our program’s maturation. Reporting directly to the Chief Information Security Officer, this role is a central force in how we govern risk, meet regulatory obligations, and build a security program that scales with our business. The selected candidate will partner across business units, IT, and senior leadership to advance our control capabilities.
The position will play a key role in shaping policy, driving audit exam readiness, and identifying opportunities to automate and modernize compliance processes. If you bring strong analytical instincts, clear communication, and a passion for building structure in complex environments, this role will allow you to see measurable impact and visibility. This position will work on a hybrid work arrangement in our Harford, CT office;
however, remote work will also be considered.
- Partner with business units and IT leadership to develop, maintain, and operationalize information security policies, standards, and procedures.
- Collaborate with stakeholders across the enterprise to formulate security strategies and risk reduction guidelines that align with business objectives.
- Consult with business and technology teams on building secure processes and information systems from the ground up.
- Help evolve the security awareness program, translating technical risk into clear communication for employees at all levels within the organization.
- Lead efforts with business units to assess, document, accept, and/or mitigate risk associated with enterprise-wide initiatives and third‑party relationships.
- Perform detailed threat and vulnerability analysis, combining sound analytical skills with advanced knowledge of IT security risks.
- Evaluate the severity and potential impact of identified threats, translating findings into actionable recommendations for leadership and business stakeholders.
- Maintain a current understanding of the threat landscape through ongoing research into emerging risks and their potential impact on our environment.
- Lead and perform security assessments of third parties and partners, documenting findings and driving remediation.
- Serve as a key resource in preparing for internal audits, external audits, and state regulatory examinations including drafting responses, managing evidence, and tracking remediation commitments.
- Monitor ongoing compliance with information security policies and assist business units in managing exceptions to policy and standards.
- Provide oversight of managed security services, including vulnerability management, firewall operations, Security Operations Center, and data loss prevention.
- Investigate, document, and follow through on information security incidents and policy violations, ensuring appropriate resolution and lessons learned.
- Identify and implement opportunities to automate manual GRC and compliance workflows, reducing operational overhead and improving program consistency and accuracy.
- Develop metrics, dashboards, and reporting mechanisms to provide leadership clear visibility into risk posture and program health.
- Evaluate new and emerging security technologies leading proof‑of‑concept assessments and making recommendations to management.
- Bachelor’s degree in information security, Computer Science, Information Systems, or a related field.
- Minimum of 7 years of cybersecurity experience with strong expertise in governance, risk, compliance, or audit support functions.
- Industry‑recognized certification such as CISSP, CISM, CRISC, or equivalent ISACA or GIAC credential.
- Working knowledge of security frameworks including NIST 800‑53, ISO 27001, and/or NIST CSF.
- Demonstrated experience supporting regulatory examinations or external audits, including evidence preparation and remediation tracking.
- Practical experience with cloud security controls (Azure, Oracle Cloud, or Microsoft 365).
- Experience identifying and implementing process automation within GRC or compliance workflows.
- Except…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).