Unum is a company of people serving people. As one of the world’s leading employee benefits providers and a Fortune 500 company, Unum helps protect more than 25 million working people and their families in the event of illness or injury. Colonial Life is a member of the Unum family of businesses and is a market leader in benefit solutions, specializing in personal insurance products offered to employees in the workplace.
Headquartered in Chattanooga, Tennessee, Unum has significant U.S. operations in Portland, Maine, Worcester, Massachusetts and Glendale, California with over 35 field offices nationwide. Colonial Life is headquartered in Columbia, South Carolina with over 40 field offices nationwide.
This position provides support for the design, implementation and ongoing maintenance of Unum’s Global Information Security & Risk Management Program. This includes assisting in the development and maintenance of policies, procedures and processes needed to address the security and IT risk needs of Unum and its partners. The information security and risk management program provides security and risk management services to Unum Group. This Global program provides for the secure operation of computing platforms, operating systems, and networks, both voice and data, to ensure the integrity and protection of information assets and compliance with regulatory requirements.
This position contributes to strategic security decisions at the corporate level and is involved in operational planning with business partners. Additionally this position is responsible for assisting with 3rd party/vendor risk assessments, completing customer Information Security Risk assessments, and assisting with vendor and customer contract reviews. Also, this role assists as the IT Audit liaison and coordinates IT audit activities between Global Services, internal audit, external audit and other external insurance and market conduct exams.
- Proactively consults on security, IT general controls and SOX regulatory compliance requirements
- Proactively consults on security requirements associated with US and UK Privacy/Security Regulations
- Assists in Establishing Enterprise-Wide Information Security policies, procedures & standards
- Develops, delivers and maintains an ongoing Information Security & Privacy Awareness program
- Uses business knowledge to assist with all aspects of responding to Customer Information Security Risk Assessment inquiries (including working directly with customers); Request For Proposals for new/renewal business, and customer and vendor contract language reviews
- Conducts comprehensive security risk assessments on 3rd party/vendors as part of the Enterprise Vendor Risk management program
- Facilitates all aspects of responding to Customer Information Security Risk Assessment inquiries (including working directly with customers); Request For Proposals for new/renewal business, and customer and vendor contract language reviews
- Coordinate and oversee the management and implementation of DLP technologies and processes, playing a key role in maintaining, testing and reviewing DLP rules
- Supports all IT audit generated projects, including reviewing and maintain metrics on all IT related audit findings
- Contributes to horizontal and enterprise business strategy development by bringing forth impacts and opportunities associated with available and emerging technologies. Ensures alignment of technology goals and plans with corporate strategies.
- Supports cross-organizational IT/Business functions in technical choices for a variety of large, strategic efforts by applying knowledge of Unum’s security framework and technical environment.
- Extends/establishes security standards and guidelines.
- Functions as a subject matter expert in security analysis and design across the enterprise.
- Shares security knowledge and expertise in multiple cross-organizational enterprise forums. Communication audience, negotiation partners, and sphere of influence extend across the enterprise, including vendors and senior level managers.
- Takes a lead role in independently and proactively proposing security solutions that address business needs across the enterprise.
- Acts as the Security Lead monitoring IT and SOX regulatory requirements.
- Leads compliance related projects, as assigned, performing all aspects of project management.
- Mentors IT professionals on various information security and IT controls requirements.
- Develops strong partnerships with business clients, application developers, software vendors and other technical resources.
- Communicates effectively with business partners and systems resources at all levels.
- Delivers effective, high-quality solutions in a timely manner.
- Performs other duties as assigned.
- BS or advanced degree in computer science or related discipline
- Five or more years of Information Security, Risk Management, Privacy or Audit experience.
- Knowledge of Privacy and IT Regulations such as HIPAA, GLBA and SOX
- Knowledge of Information Security Software, products and technologies
- Knowledge of Industry Security Standards IT General Control standards including NIST, CoBIT, ITIL,and ISO27002
- Knowledge of industry standards and best practices associated with Risk Management methodologies such as ISACA’s IT Risk Management Framework
- Solid Foundation in Mainframe & Distributed Technology
- Ability to take an enterprise view (see the big picture)
- Highly proficient in exercising leadership behaviors repeatedly in a variety of challenging situations that are complex, ambiguous, and have more disagreement/conflict
- Ability to interact with all levels within the organization, including Sr. Management
- Strong oral and written communications and presentation skills
- Strong analytical stills
- Customer Service orientation & skills
- Ability to take pro-active initiative given general direction
- Strong Consulting skills
- CISSP a plus
Unum and its family of businesses offer world-class training and development, generous compensation and benefits packages, and a culture built on employee ideas.
Unum and its family of businesses is an equal opportunity employer, considering all qualified applicants and employees for hiring, placement, and advancement, without regard to a person’s race, color, religion, national origin, age, genetic information, military status, gender, sexual orientation, gender identity or expression, disability, or protected veteran status.