Advance your Information Technology (IT) career at Liberty Mutual Insurance - A Fortune 100 Company.
Liberty Mutual Insurance ranks 84th on the Fortune 100 list of largest corporations in the U.S. based on 2011 revenue. As of December 31, 2011, Liberty Mutual Insurance had $117.1 billion in consolidated assets, $99.3 billion in consolidated liabilities, and $34.7 billion in annual consolidated revenue. Liberty Mutual employs over 50,000 people worldwide in four Strategic Business Units (SBUs) and multiple corporate departments.
Liberty Mutual International Holding (LIHI) is actively searching for a Principal Information Security Analyst Active Directory. Liberty International Holdings comprises country operations in Asia, Europe, and Latin America, which provide personal and small commercial insurance products. Liberty Internationals Home Office IT team is comprised of IT professionals from a variety of disciplines application management, infrastructure, architecture, and security. Our major objective is to ensure that our operations sustain competitive advantage in their respective markets through their efficient and effective management of technology. Home Office IT drives the achievement of a number of key goals for our operations including nimbleness, speed to market, security, and reliability. In this position, you will receive general direction from the Information Security Manager and is competent to work at the highest level of all phases of security. Manages security incidents, leads investigation and recommends appropriate corrective actions for information security incidents. Provide post event leadership and review. Provide functional leadership in the areas of analysis, system design, documentation, testing, implementation and support for highly complex security operations and processes. Directly responsible for security projects or sub-projects of significant technical complexity. Decisions require analytical, interpretative and creative thinking that may not conform to established patterns in order to solve security problems. May require proactive or pre-emptive action to minimize or prevent threats to Liberty International systems, users and data. Effectively communicates highly complex technical issues with confidentiality and sensitivity to diverse audiences as appropriate.
Provides technical expertise and support to client, IT management and other infrastructure staff in risk assessments, implementation and operational aspects of appropriate information security procedures and products. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes. Maintains an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations and how they will affect the LMIG environment.
Develops systems scanning and vulnerability strategies and testing protocols to achieve compliance with set standards. Develops and oversees remediation processes.
Participates in the evaluation, development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environment (e.g., company-wide, distributed, client server systems, and e-applications).
Performs access control and account administration of critical information resources and design of processes to manage privileged users and user accounts.
Consults with client and development area management or staff in the design and implementation of new or modified information security systems and operations
Coordinates tests and implements appropriate security methods and control techniques such as firewalls, intrusion detection software, data encryption, data backup and recovery.
Facilitates teamwork process and meetings and provides training to clients or teams during implementation.
Acts as a liaison to the product groups and Architecture & Engineering and assists them in the implementation of security technologies and applications security. Review vendor patches and solutions to determine appropriateness of implementation.
Helps with the development communications and related campaigns for information security awareness among all staff.
May conduct security architectural reviews on projects, applications and initiatives that ensure that corporate security policy, standards and guidelines are adhered to.
May perform security architecture gap analysis, identify solutions and position them in the security architecture for reuse.
Use automated tools, utilities and visual inspection of application source code to find security weaknesses and code flaws. Educate development teams on best practices and techniques to prevent application exploitation.
May construct written reports for application development team's findings from code reviews, penetration testing, ethical hacking and other assessments that provide clear problem definitions, proposed fix actions and mitigating controls that allow the teams to remediate the application.
Determine significant risk points and exercise process for risk assessment and risk acceptance.
Evaluate, test and select security tools, evaluation products and control products.
Reviews the development, testing and implementation of security plans, products and control techniques.
Performs related duties as assigned or requested.
Bachelor's degree in Computer Science or a related discipline and at least eight years of solid work experience in information security or an equivalent combination of education and work experience. Requires an in