Principal Information Security Analyst

Work from home Full-time role Hiring

Job Description

Established nearly two centuries ago, FM is a leading mutual insurance company whose capital, scientific research capability and engineering expertise are solely dedicated to property risk management and the resilience of its policyholder-owners. These owners, who share the belief that the majority of property loss is preventable, represent many of the world’s largest organizations, including one of every four Fortune 500 companies. They work with FM to better understand the hazards that can impact their business continuity to make cost-effective risk management decisions, combining property loss prevention with insurance protection.

Schedule & Location: This position requires on-site work one day per week at our Corporate Headquarters and flexibility to be on-site when needed based on the demands of the business. Relocation is not offered for this position.

Summary

FM is seeking a Principal Information Security Analyst with deep expertise in cybersecurity regulatory compliance and oversight. In this high-impact role, you will lead the execution of FM’s global cybersecurity regulatory compliance program, ensuring the organization proactively identifies, understands, and responds to evolving global cybersecurity requirements. You will play a critical role in protecting FM by evaluating how cybersecurity regulatory expectations apply to our systems, data, and internal processes, and translating those requirements into actionable controls and practices. This is a highly visible role where your expertise in cyber risk, regulatory frameworks, and control design will help shape business decisions, strengthen our security posture, and ensure ongoing alignment with regulatory obligations. You will partner closely with security, technology, risk, legal, and business teams to identify gaps, define expectations, and recommend practical, business-aligned solutions. Additionally, you will act as a primary point of coordination for external cybersecurity inquiries, including regulators, auditors, and clients. You will lead end-to-end cybersecurity regulatory assessments and control evaluations, going beyond standard compliance activities to evaluate alignment across systems, data, and technical processes.

Key Responsibilities

  • Regulatory & Compliance: Lead the end-to-end cybersecurity regulatory compliance function, including governance, processes, tooling, and reporting.
  • Respond to External Inquiries: Coordinate and lead responses to regulatory exams, client cybersecurity questionnaires, and other external information requests. Partner with Information Security, IT, Risk, Legal, and business stakeholders to gather, validate, and communicate accurate, consistent, and audit-ready responses aligned to FM’s control environment.
  • Regulatory Horizon Scanning & Impact Analysis: Proactively monitor and evaluate emerging cybersecurity regulations, standards, and guidance globally. Perform impact assessments to determine applicability and required changes to FM’s control environment.
  • Gap Identification & Remediation Oversight: Lead regulatory gap assessments and control evaluations. As necessary, partner with technical and business teams to define remediation actions and track remediation progress, validate closure of gaps, and escalate risks as needed.
  • Governance, Reporting, & Audit Readiness: Develop and maintain metrics, dashboards, and reporting on compliance posture, risks, and trends. Provide clear, concise updates to senior leadership and governance committees.
  • Advisory & Stakeholder Engagement: Act as a trusted advisor on regulatory and compliance matters across IT, security, and business teams. Provide guidance on control design, risk treatment, and regulatory alignment. Influence decisions to ensure alignment with FM’s risk appetite and regulatory obligations.
  • Program Maturity & Continuous Improvement: Identify opportunities to enhance program efficiency, automation, and maturity. Implement leading practices in regulatory compliance, controls management, and assurance.
  • Lead and mentor: Lead complex initiatives and provide direction to cross-functional contributors. Promote a culture of accountability, transparency, and continuous improvement.

Qualifications

  • 8+ years of experience in cybersecurity, information security, cyber risk, audit, or regulatory compliance. Global experience desired.
  • Experience applying cybersecurity frameworks (NIST CSF 2.0, CIS v8.1), including mapping controls to regulations and using a risk-based approach to solve problems.

Regulatory & Compliance

  • Hands-on experience responding to regulatory exams, audits, or client security assessments, including evidence collection, control mapping, and response coordination.
  • Experience supporting or participating in IT general controls (ITGC) or cybersecurity control audits, with an understanding of audit expectations, testing approaches, and evidence requirements.
  • Familiarity with global regulatory requirements across regions (e.g., APAC, EU, US), including regulatory bodies such as APRA, IRDAI, OFSI, or MAS.
  • Experience identifying control gaps, assessing compliance against regulatory expectations, and supporting remediation tracking.

Control Framework & Risk Analysis

  • Strong problem-solving and analytical skills, with the ability to interpret regulatory requirements and apply them in a practical, risk-based manner.

Documentation & Audit Readiness

  • Ability to develop and maintain clear, accurate, and audit-ready control documentation and supporting evidence.
  • High attention to detail, particularly in documentation, quality, and accuracy of responses.

Stakeholder Engagement & Communication

  • Strong stakeholder management and collaboration skills, with the ability to work effectively across Information Security & Risk Management, IT, Risk, Legal, and business teams.
  • Strong verbal and written communication skills, with the ability to translate technical security concepts into clear, concise responses for regulators, clients, and business stakeholders.

Execution & Operating Discipline

  • Strong organizational and time management skills, with the ability to manage multiple concurrent requests and deadlines.
  • Ability to work independently, prioritize competing demands, and deliver high-quality outputs with minimal supervision.

Education

  • A bachelor's degree in Information Security, Computer Science, Information Technology, or a related field may be considered.
  • Relevant certifications in security, technology, or risk disciplines, such as CISA or CISM, are preferred.

The hiring range for this position is $121,000 - $173,000. The final salary offer will vary based on geographic location, individual education, skills, and experience. The position is eligible to participate in FM’s comprehensive Total Rewards program that includes an incentive plan, medical, dental and vision insurance, life and disability insurance, well-being programs, a 401(k) and pension plan, career development opportunities, tuition reimbursement, flexible work, and time off, including vacation and sick time. FM is an Equal Opportunity Employer and is committed to attracting, developing, and retaining a diverse workforce.