• Information Security Principal

    Location US-RI-Johnston
    Job ID
    # Positions
    Work Location
    Works from an office location
    Employee Type
    Information Services - Information Security
  • Overview - External

    FM Global is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM Global helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.

    Responsibilities - External

    FM Global is looking for a highly talented and motivated cyber/information security risk expert who will bring immediate credibility when consulting with internal leaders to ensure that our security program continually evolves with industry best practices and the emerging threat landscape.


    The Information Security Principal role will provide guidance and direction to other team members, business representatives, and technical resources and will manage information security projects of significant scope and complexity, which have high business visibility and value.

    The successful candidate will be recognized by business stakeholders as a subject matter expert in various areas of the organization and be an influential partner in setting business direction and process. This critical role recommends and influences senior management’s decisions to bring security risks within FM Global's risk appetite. The Information Security Principal is responsible for the development and oversight of security requirements involved in information security program objectives and initiatives.

    Qualifications - External

    Skills and Abilities:

    • Demonstrated track record of success in risk management processes, performing cyber risk assessments, and preparing related reporting
    • Proven experience in identifying and evaluating information/cyber risks and technical and non-technical controls which mitigate risks, and recommending opportunities for control improvement
    • Continually look for ways to raise the bar and ensure higher levels of standards across the risk and compliance domain
    • Expertise in developing enterprise-wide Cyber/Information Security Policies, Standards, and guidance materials.
    • Demonstrated ability to leverage various trusted sources of information (articles, webinars, Internet, etc.) to gain accurate knowledge of current security threats, vulnerabilities, and mitigating strategies to address them, and then to recommend and implement appropriate solutions for the FM Global organization
    • Researches, recommends and leads cross-team efforts to improve upon information security program capabilities or to address identified security control deficiencies
    • Identifies creative ways to address program enhancement capabilities or resource constraints related to services for which the role is directly responsible
    • Must be an articulate, consensus-building, and persuasive leader who can serve as an effective member of the team and communicate information security-related concepts to a broad range of technical and non-technical staff
    • Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation in a high-pressure environment
    • Presentation Skills – Prepare and deliver formal and informal presentations to illustrate ideas, solutions and issues to upper management

     Education and Experience:

    • Minimum of eight (8) years of experience in information technology or business analysis, with at least five (5) years in an information security specific field, such as user access management, computer forensics, network perimeter security, incident response, system security, risk, audit, or other related discipline.  
    • Bachelor’s Degree in Information Security / Assurance, Computer Science, Information Technology, or a related discipline, or equivalent work experience or technical training with a non-related degree. 
    • ISC2 CISSP preferred. 
    • Demonstrated knowledge of information security discipline via relevant advanced industry certification such as: SSCP, CISA, CCE, Security+, GIAC, CEH, etc.