Principal Information Security Analyst

FM
Johnston, RI
Hybrid

About The Position

FM is seeking a Principal Information Security Analyst with deep expertise in cybersecurity regulatory compliance and oversight. In this high-impact role, you will lead the execution of FM’s global cybersecurity regulatory compliance program, ensuring the organization proactively identifies, understands, and responds to evolving global cybersecurity requirements. You will play a critical role in protecting FM by evaluating how cybersecurity regulatory expectations apply to our systems, data, and internal processes, and translating those requirements into actionable controls and practices.

This is a highly visible role where your expertise in cyber risk, regulatory frameworks, and control design will help shape business decisions, strengthen our security posture, and ensure ongoing alignment with regulatory obligations. You will partner closely with security, technology, risk, legal, and business teams to identify gaps, define expectations, and recommend practical, business-aligned solutions. Additionally, you will act as a primary point of coordination for external cybersecurity inquiries, including regulators, auditors, and clients. You will lead end-to-end cybersecurity regulatory assessments and control evaluations, going beyond standard compliance activities to evaluate alignment across systems, data, and technical processes.

Requirements

  • 8+ years of experience in cybersecurity, information security, cyber risk, audit, or regulatory compliance. Global experience desired.
  • Experience applying cybersecurity frameworks (NIST CSF 2.0, CIS v8.1), including mapping controls to regulations and using a risk-based approach to solve problems.
  • Hands-on experience responding to regulatory exams, audits, or client security assessments, including evidence collection, control mapping, and response coordination.
  • Experience supporting or participating in IT general controls (ITGC) or cybersecurity control audits, with an understanding of audit expectations, testing approaches, and evidence requirements.
  • Familiarity with global regulatory requirements across regions (e.g., APAC, EU, US), including regulatory bodies such as APRA, IRDAI, OFSI, or MAS.
  • Experience identifying control gaps, assessing compliance against regulatory expectations, and supporting remediation tracking.
  • Strong problem-solving and analytical skills, with the ability to interpret regulatory requirements and apply them in a practical, risk-based manner.
  • Ability to develop and maintain clear, accurate, and audit-ready control documentation and supporting evidence.
  • High attention to detail, particularly in documentation, quality, and accuracy of responses.
  • Strong stakeholder management and collaboration skills, with the ability to work effectively across Information Security & Risk Management, IT, Risk, Legal, and business teams.
  • Strong verbal and written communication skills, with the ability to translate technical security concepts into clear, concise responses for regulators, clients, and business stakeholders.
  • Strong organizational and time management skills, with the ability to manage multiple concurrent requests and deadlines.
  • Ability to work independently, prioritize competing demands, and deliver high-quality outputs with minimal supervision.
  • A bachelor's degree in Information Security, Computer Science, Information Technology, or a related field may be considered.

Nice To Haves

  • Relevant certifications in security, technology, or risk disciplines are preferred, such as CISA or CISM.

Responsibilities

  • Lead the end-to-end cybersecurity regulatory compliance function, including governance, processes, tooling, and reporting.
  • Coordinate and lead responses to regulatory exams, client cybersecurity questionnaires, and other external information requests. Partner with Information Security, IT, Risk, Legal, and business stakeholders to gather, validate, and communicate accurate, consistent, and audit-ready responses aligned to FM’s control environment.
  • Proactively monitor and evaluate emerging cybersecurity regulations, standards, and guidance globally. Perform impact assessments to determine applicability and required changes to FM’s control environment.
  • Lead regulatory gap assessments and control evaluations. As necessary, partner with technical and business teams to define remediation actions and track remediation progress, validate closure of gaps, and escalate risks as needed.
  • Develop and maintain metrics, dashboards, and reporting on compliance posture, risks, and trends. Provide clear, concise updates to senior leadership and governance committees.
  • Act as a trusted advisor on regulatory and compliance matters across IT, security, and business teams. Provide guidance on control design, risk treatment, and regulatory alignment. Influence decisions to ensure alignment with FM’s risk appetite and regulatory obligations.
  • Identify opportunities to enhance program efficiency, automation, and maturity. Implement leading practices in regulatory compliance, controls management, and assurance.
  • Lead complex initiatives and provide direction to cross-functional contributors. Promote a culture of accountability, transparency, and continuous improvement.

Benefits

  • Total Rewards program
  • incentive plan
  • medical insurance
  • dental insurance
  • vision insurance
  • life insurance
  • disability insurance
  • well-being programs
  • 401(k)
  • pension plan
  • career development opportunities
  • tuition reimbursement
  • flexible work
  • time off
  • vacation time
  • sick time