Director, Info Security & Risk Management

Job Description

We are Farmers! 
Join a team of diverse professionals at Farmers to acquire skills on the job and apply your learned knowledge to future roles at Farmers. Farmers Insurance also offers extensive training opportunities through the award-winning University of Farmers, named by Training magazine among the top 10 corporate training units in the world.

Want to learn more about our culture & opportunities? Check out and be sure to follow us on LinkedIn!

Job Summary 
Leading risk assessments, which includes preparing high-quality and insightful risk assessment scenarios based on open source research and conversations with stakeholders. Ability to complete and conduct hands-on technical assessment of the cyber threat landscape in terms of its potential impact on the organization and recommending strategic, mitigating actions. Compiling high-quality risk reports for decision taking by senior management, which includes performing research on industry good practices and emerging risks in the space of operations and technology. Acting as trusted business partner to senior management and the Board of Governors, providing challenge and risk insights in support of achieving business objectives. Supporting business partners in implementing lean and effective information security risk and control frameworks. Developing tangible risk management thought leadership and guidance to enable lines of business to effectively and efficiently assess and address risks related to information security. Actively consult with lines of business senior management to advance information security risk management practices to size and evaluate information security exposure. Partner with Chief Privacy Officer, Chief Information Officer and Chief Information Security Officer to evaluate potential information security risk and offer insights to business partners to understand and determine if the information security risk is acceptable.
Essential Job Functions 
Develop and execute information security risk assessment strategy and reporting for the enterprise. Evaluate and provide an opinion on information risk exposure, remediation plans and best practice. Lead an independent effort to consult and inform the business partners, Risk and Control Committee and FGI and Exchange audit committee of information risk exposure. Lead the working group to streamline and improve the risk acceptance process.  
Physical Actions 
Physical Environment 
Education Requirements 
Bachelor's degree required in computer science, engineering, physics, mathematics or similar field. Master's degree preferred. A postgraduate degree in information security or risk management would be an advantage. Maintaining at least one related professional certification such as CISM, CISA, CISSP and ITIL would be preferable.
Experience Requirements 
8+ years of experience in the field of information security engineering, consulting or management. Solid working experience in project management in the operations and technology area, to maintain a holistic view of project risks. 
Special Skill Requirement 
Profound subject matter expertise in technical and organizational information security including application security, infrastructure security, network security, identity and access management, information security management systems (ISMS) and data protection / privacy. Deep working knowledge of industry good practice in the area of information security and IT service management (e.g. PCI-DSS, ISO 2700x series, COBIT 5, NIST 800-53, CIS Critical Security Controls, ITIL v3, OWASP) as well as strong understanding of operational risk management practices and frameworks (e.g. ISO 31000, NIST 800-37). Strong technical and analytical skills, with a track record of developing lean and yet effective information security frameworks. Self-starting individual who is keen to perform research on emerging risks in the operations and technology space. Strong capability in building relationships with key operations, technology and business stakeholders.
Farmers is an equal opportunity employer, committed to the strength of a diverse workforce. 
Schedule: Full-time

Job Posting: 10/18/2019