ISMS Program Manager

Role Summary The ISMS Program Manager reports to the Director of Infrastructure and Information Security (CISO) and is part of the Infrastructure and Security team. The primary responsibilities include defining, advising on, and embedding best practices regarding information security policies, standards, and processes based on NIST Cyber Security Framework. This role coordinates response and communications to security events, oversees internal and external audits and security questionnaires for IT environments, and supports the firm’s strategic plan by identifying, monitoring, evaluating, and managing technology and cyber risks. Responsibilities Implement NIST framework and Information Security Management System (ISMS) aligned with effective controls and measures to protect systems and data. Develop a complete set of Information Security policies, procedures and standards while monitoring controls, KRIs/KPIs, and technical landscape. Assist in the development of routine reporting communications and documentation consistent with the NIST framework in formats suitable for executive audiences. Lead on security compliance reviews, internal and external audits, certifications and accreditations, and security questionnaires (e.g., NYDFS, MA DOI, Ernst & Young). Manage and coordinate audit remediation efforts. Identify, communicate, and manage current and emerging security threats with relevant stakeholders. Conduct third‑party information security assessments in coordination with Vendor Management and Enterprise Risk Management teams. Work with business stakeholders, internal IT, and third‑party vendors to promote and adopt security best practices and foster a security‑conscious culture. Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks. Deploy all‑employee Cybersecurity awareness bulletins and training modules. Facilitate and document Incident Response and Disaster Recovery tabletop exercises. Coordinate and manage DR/BC testing and recovery efforts with other IT teams and ERM. Other duties and/or projects as assigned. Qualifications Education Bachelor’s degree in Information Technology, Business Management, or a related field. Experience Minimum 7–10 years of overall technology professional experience. At least 5 years in Information Security, Compliance, or Privacy. Knowledge Requirements Comprehensive understanding of Information Security Frameworks (e.g., ISO 27001, NIST CSF, CIS Critical Security Controls). Knowledge of insurance and finance industry laws, regulations, policies, and ethics related to cybersecurity and privacy. Monitoring and reporting on compliance with security and data protection policies and enforcement of those policies. Working knowledge of Security Architecture and potential security issues related to PaaS, IaaS, SaaS and cloud environments. Understanding of IAM and Data Loss Prevention in a Microsoft environment. Knowledge of security technologies such as vulnerability testing and firewalls. Experience with leading external IT controls audits. Excellent execution, attention to detail, decision making, and follow‑through skills. Strong personal and professional ethical values and integrity. Self‑driven, highly organized, and very effective time‑management skills. Certifications / Licenses Information Security Certifications (e.g., NIST, CRISC, CISSP, CISM) are an added plus. Program management qualification (e.g., PMP) and certifications are an added plus. Hybrid Work Model At our Canton location, employees will be on site Monday through Thursday starting 5/1/23. At our Omaha location, employees will be on site two days per week. Boston Mutual is an equal‑opportunity employer and does not discriminate on the basis of race, color, age, religious creed, national origin, ancestry, sex, sexual orientation, gender identity, genetic information, disability, military service, veteran status, family status, pregnancy, or any other characteristic protected by federal or state laws. Boston Mutual is a drug‑free workplace. #J-18808-Ljbffr Boston Mutual Life Insurance