Senior IT Risk and Compliance Engineer

Talcott Financial GroupHartford, CT
$125,000 - $155,000Hybrid

About The Position

Talcott Resolution is seeking a Senior Information Security Analyst to join our cybersecurity team at a pivotal moment in our program’s maturation. Reporting directly to the Chief Information Security Officer, this role is a central force in how we govern risk, meet regulatory obligations, and build a security program that scales with our business. The selected candidate will partner across business units, IT, and senior leadership to advance our control capabilities. The position will play a key role in shaping policy, driving audit examination readiness, identifying opportunities to automate and modernize compliance processes. If you bring strong analytical instincts, clear communication, and a passion for building structure in complex environments, this role will allow you to see measurable impact and visibility. This position will work on a hybrid work arrangement in our Harford, CT office however, remote work will also be considered.

Requirements

  • Bachelor’s degree in information security, Computer Science, Information Systems, or a related field.
  • Minimum of 7 years of cybersecurity experience with strong expertise in governance, risk, compliance, or audit support functions.
  • Industry-recognized certification such as CISSP, CISM, CRISC, or equivalent ISACA or GIAC credential.
  • Working knowledge of security frameworks including NIST 800-53, ISO 27001, and/or NIST CSF.
  • Demonstrated experience supporting regulatory examinations or external audits, including evidence preparation and remediation tracking.
  • Practical experience with cloud security controls (Azure, Oracle Cloud, or Microsoft 365).
  • Experience identifying and implementing process automation within GRC or compliance workflows.
  • Exceptional written and verbal communication skills, with the ability to convey technical risk clearly to non-technical audiences.
  • Strong organizational skills with the ability to manage multiple workstreams, priorities, and stakeholders simultaneously

Nice To Haves

  • Experience in the insurance or financial services industry, particularly in environments subject to state insurance department oversight is preferred
  • Familiarity with GRC platforms or security automation tooling (e.g., ServiceNow GRC, Archer, or similar) is a plus
  • Experience scripting or light automation skills (Python, PowerShell) applied to security or compliance use cases is a plus
  • Familiarity with vulnerability management programs and third-party risk assessment methodologies is preferred

Responsibilities

  • Partner with business units and IT leadership to develop, maintain, and operationalize information security policies, standards, and procedures
  • Collaborate with stakeholders across the enterprise to formulate security strategies and risk reduction guidelines that align with business objectives.
  • Consult with business and technology teams on building secure processes and information systems from the ground up
  • Help evolve the security awareness program, translating technical risk into clear communication for employees at all levels within the organization
  • Lead efforts with business units to assess, document, accept, and/or mitigate risk associated with enterprise-wide initiatives and third-party relationships
  • Perform detailed threat and vulnerability analysis, combining sound analytical skills with advanced knowledge of IT security risks
  • Evaluate the severity and potential impact of identified threats, translating findings into actionable recommendations for leadership and business stakeholders
  • Maintain a current understanding of the threat landscape through ongoing research into emerging risks and their potential impact on our environment
  • Lead and perform security assessments of third parties and partners, documenting findings and driving remediation
  • Serve as a key resource in preparing for internal audits, external audits, and state regulatory examinations including drafting responses, managing evidence, and tracking remediation commitments
  • Monitor ongoing compliance with information security policies and assist business units in managing exceptions to policy and standards
  • Provide oversight of managed security services, including vulnerability management, firewall operations, Security Operations Center, and data loss prevention
  • Investigate, document, and follow through on information security incidents and policy violations, ensuring appropriate resolution and lessons learned
  • Identify and implement opportunities to automate manual GRC and compliance workflows, reducing operational overhead and improving program consistency and accuracy
  • Develop metrics, dashboards, and reporting mechanisms to provide leadership clear visibility into risk posture and program health
  • Evaluate new and emerging security technologies leading proof-of-concept assessments and making recommendations to management

Benefits

  • annual bonuses
  • long-term incentives
  • recognition
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service