ISMS Program Manager
Boston Mutual Life Insurance
All Boston Mutual employees who interact with our policyholders, our producers, and our BML associates embrace the principles of our brand and service philosophy. We are all brand ambassadors. Both our words and our behaviors matter. We share a common service philosophy and pride ourselves in living the BML brand promises every day, one interaction at a time.
The following statements represent what Boston Mutual stands **_“FOR”_** – it is what makes us **_different_** and **_better_** in the market we serve.
+ We are **_FOR_** being a progressive life insurance company offering financial peace of mind to working Americans and their families.
+ We are **_FOR_** providing practical and affordable products designed for those we serve.
+ We are **_FOR_** making it easy to secure a level of financial protection with a portfolio of products – beginning with life insurance.
+ We are **_FOR_** providing a personalized customer experience to our policyholders and producers.
+ We are **_FOR_** acting in the best interests of our policyholders, producers, employees and the communities in which we live and serve – representing the goodness of mutuality in all we do.
We do our best to:
+ Demonstrate a desire to assist
+ Listen for understanding and respond empathetically
+ Explain things in a manner that is easy to understand
+ Be knowledgeable students of our business
+ Take full ownership to resolve questions and issues
+ Be professional, polite and courteous
+ Leave our customers and associates “better than where we found them”
The ISMS Program Manager reports to the Director of Infrastructure and Information Security (CISO).
The ISMS Program Manager is part of the Infrastructure and Security team and is responsible for defining, advising on, and embedding best practices regarding information security policies, standards and processes based on NIST Cyber Security Framework. This role will take a lead on coordinating response and communications to security events, and internal and external audits and security questionnaires related to Information Technology environments and practices.
The ISMS Program Manager works across teams to effectively identify, monitor, evaluate, and manage Boston Mutual’s Technology and Cyber risks - including operational losses, material risk, regulatory changes, etc. in support of the firm's strategic plan. The role will also have a proactive responsibility to assist in the delivery of secure systems and implement proportionate controls by working with EPMO, ERM, other IT teams, and 3rd party vendors.
The ISMS Program Manager is expected to:
+ Implement NIST framework and Information Security Management System (ISMS), aligned with effective and appropriate NIST compliant controls and measures to protect systems and data.
+ Develop a complete set of Information Security policies, procedures and standards while monitoring the information security controls, KRIs/KPIs, and technical landscape.
+ Assist in the development of routine reporting communications and documentation consistent with and supportive of the NIST framework, in formats suitable for executive audiences.
+ Lead on security compliance reviews, internal and external audits, certifications and accreditations, and security questionnaires (e.g., NYDFS, MA DOI, Ernst & Young).
+ Manage and coordinate audit remediation efforts.
+ Identify, communicate, and manage current and emerging security threats with relevant stakeholders.
+ Conduct third party information security assessments in coordination with Vendor Management and Enterprise Risk Management teams.
+ Work with business stakeholders, internal IT, and 3rd party vendor teams to promote and adopt security best practices and promote a security conscious culture.
+ Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
+ Deploy all-employee Cybersecurity awareness bulletins and training modules.
+ Facilitate and document Incident Response and Disaster recovery tabletop exercises.
+ Coordinate and manage DR/BC testing and recovery efforts with other IT teams and ERM.
+ Other duties and/or projects as assigned
Qualifications
**Education:**
+ Bachelor’s degree in Information Technology, Business Management, or a related field
**Experience:**
+ Minimum 7-10 years of overall professional experience
+ 5+ years in the fields of Information Security, Compliance, or Privacy
**Knowledge Requirements:**
+ Comprehensive understanding of Information Security Frameworks (e.g., ISO 27001, NIST CSF, and CIS Critical Security Controls)
+ Knowledge of insurance and finance industry laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
+ Monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of policies.
+ Working knowledge of Security Architecture and potential security issues related to PaaS, IaaS, SaaS and cloud environments.
+ Understanding of IAM, and Data Loss Prevention in a Microsoft environment.
+ Knowledge of security technologies such as vulnerability testing and Firewalls.
+ Experience with leading external Information Technology controls audits
+ Excellent execution, attention to detail, decision making, and follow-through skills
+ Strong personal and professional ethical values and integrity
+ Self-driven, highly organized, and very effective time management skills
**Certifications/Licensures:**
+ Information Security Certifications (e.g., NIST, CISSP, CISM, etc.) are an added plus
+ Program management qualifications and certifications (e.g., PMP certification) are an added plus
**Hybrid Work Model**
At our Canton location, employees will be on site Monday - Thursday starting 5/1/23. At our Omaha location, employees will be on site 2 days per week.
Boston Mutual is an equal opportunity employer, and does not discriminate on the basis of race, color, age, religious creed, national origin, ancestry, sex, sexual orientation, gender identity, genetic information, disability, military service, veteran status, family status, pregnancy, or any other characteristic protected by federal or state laws. Boston Mutual is a drug-free workplace.