The Information Data Security Lead Engineer, will assist with technical leadership and supervision, is responsible for designing, implementing, and maintaining the organization's information security data security infrastructure. The role requires the identification and mitigation of security risks, the development and enforcement of security policies, and ensuring compliance with industry regulations. The role collaborates with cross-functional teams, assesses the security posture, conducts risk assessments, and implements effective security controls. Additionally, the role requires monitoring security events, investigating incidents, and providing recommendations for remediation. The role is crucial in safeguarding the confidentiality, integrity, and availability of sensitive information, contributing to the maintenance of a strong and resilient security posture within the company. #LI-DNI
- Leads the design, implementation, and management of comprehensive information security programs and initiatives in the insurance company, ensuring the confidentiality, integrity, and availability of information assets.
- Conducts advanced security assessments, threat modeling, and risk analysis of the company's data infrastructure, systems, and applications, providing insights and recommendations for mitigating risks and strengthening security controls.
- Lead the development, implementation, and maintenance of robust security controls, data loss prevention systems, and encryption technologies, to protect the company's data.
- Lead or participate in incident response activities, including security incident investigation, containment, and remediation, collaborating with internal teams and external stakeholders to minimize the impact of security incidents and prevent recurrence.
- Serves as a subject matter expert (SME) for leading the design, implementation, and maintenance of database monitoring solutions to business areas, project teams and vendors to apply and execute appropriate use of technology solutions.
- Lead the delivery of DLP program objectives, implement DLP controls, define standards and policies.
- Assess, report on, and make recommendations regarding current and proposed architectures, strategies, and systems in the DLP space.
- Collaborates with cross-functional teams to define and enforce information security policies, standards, and procedures, ensuring compliance with relevant regulations, industry frameworks, and best practices.
- Provides technical guidance and mentorship to junior security engineers, sharing expertise in areas such as secure architecture design, secure coding practices, and vulnerability management.
- Engages with industry forums, security communities, and regulatory bodies to stay informed about emerging security threats and regulations, representing the insurance company's interests and contributing to industry-wide security initiatives.
- Bachelor's degree in Information Security, Computer Science, IT, or related field. Master's degree preferred.
- 6-10 years of experience in Information Security, with at least 2 years in a leadership role focused on data security.
- In-depth knowledge of data protection laws (GDPR, HIPAA) and security standards (ISO 27001, NIST).
- 1+ year of experience with Agile process, JIRA stories and reports
- At least 2 relevant certifications: CISSP, CISM, CRISC, or similar.
Location Hybrid defined as three (3) or more days per week in the office Behavioral Competencies
- Collaborates
- Communicates Effectively
- Customer Focus
- Decision Quality
- Nimble Learning
Founded in 1848, Westfield is a global leader in property and casualty insurance, delivering superior risk insights and innovative solutions to customers through a diverse portfolio of insurance products. Westfield underwrites commercial, personal, surety, and specialty lines of coverage through a network of leading independent agents and brokers in the United States and specialty products through Lloyd's of London Syndicate 1200. As a mutual insurance company with more than 3,000 employees, Westfield has revenues in excess of $4 billion and more than $10 billion in assets.
|