Manager, Information Security Policy and Controls…
- Unum Group (Dunwoody, GA)
Our Fortune 500 company is driving a digital transformation and looking for forward-thinking innovators to disrupt how our industry thinks about and uses technology. As one of the world's leading employee benefits providers, we help millions of people gain affordable access to benefits that help them protect their families, their finances and their futures.
Are you an asker of questions, a solver of problems, and a challenger of the status quo? Our mission is to provide a differentiated customer experience and exceed the expectations people have of technology at any company — not just insurers.
We are seeking individuals to join our team of talented IT professionals who share never-ending passion and an unwavering focus on our customer experience. Team members who are comfortable working in an agile, fast-paced, and delivery-focused environment thrive here, where we value an entrepreneurial spirit and those who challenge the status quo.
Unum is changing, and we’re excited about what’s next. Join us.
General Summary:
The Manager - Information Security Policy and Controls Governance is responsible for strategic enhancement and day-to-day operation of key governance, risk, and compliance capabilities, including policy and standards governance, enterprise and application-level risk assessments, and controls management and attestation programs. This role will oversee the full lifecycle of governing documents, manage policy exceptions, coordinate external and regulatory assessments, and ensure strong alignment between security controls and regulatory requirements. The manager will also drive consistent, timely issues management across all domains. This leader will partner closely with stakeholders across the organization to mature processes, strengthen compliance posture, and ensure effective, repeatable execution of GRC activities. They will manage a small to mid-size team of IT security and risk management professionals.
Job Specifications
+ Bachelor's degree in computer science, or relevant technical experience
+ Has 5+ years' experience in an IT Risk Management field, or equivalent relevant work experience
+ Has a security technology background with strong knowledge of relevant technical security disciplines
+ Exhibits courage by taking smart risks and encouraging others to do so; empowers innovative approaches by motivating others to be proactive and resourceful
+ Able to effectively coach, mentor, identify, and address skills needs and gaps
+ Proficient in methods and techniques for running effective meetings and for understanding and influencing the roles played by participants
+ Displays good interpersonal skills at all levels of contact and in a wide variety of situations, able to listen and influence, and to relate to customers in their own language
+ Demonstrates the ability to champion change and support teams through change
+ Demonstrates the ability to think critically, challenge conventional thinking and generate and apply unique business insight to create competitive advantage for the organization
+ Has solid knowledge of regulations, including GLBA, HIPAA, GDPR, CCPA, and other cyber security regulatory compliance requirements and related programs
+ Has in-depth knowledge of security and control frameworks such as the NIST Cyber Security Framework, NIST SP 800-53, ISO 17799/27001, CobIT, and ITIL
+ CRISC, CISSP, CISM, CISA, and other security related certifications are a plus
Principal Duties and Responsibilities
+ Oversees and evaluates the delivery and effectiveness of the organization's policy governance, risk assessments, control attestation, and issues management capabilities, taking action to address performance or quality gaps as needed.
+ Ensures the team maintains a well‑defined, risk‑aligned backlog of work that advances program maturity and meets regulatory, audit, and business needs.
+ Guides team members in prioritizing assessments, policy lifecycle activities, and control-related work based on risk, business value, and regulatory timelines.
+ Proactively removes obstacles and operational roadblocks that hinder timely completion of assessments, attestations, and governance processes.
+ Partners with business and technology stakeholders to translate security, compliance, and risk management objectives into actionable work items.
+ Ensures best‑practice execution, including structured assessment methodologies, clear control documentation, consistent issue tracking, adherence to policy standards, and high‑quality evidence collection.
+ Encourages creativity and continuous improvement in maturing governance, assessment, and control processes; fosters a culture of innovation within the team.
+ Uses operational metrics, assessment cycle data, and workflow insights to understand team performance and drive process efficiency.
+ Partners with leadership to ensure strong talent is in place to support the organization’s governance, risk and compliance obligations.
+ Mentors, coaches, and motivates team members to elevate their GRC expertise, business partnership skills, and overall performance.
+ Identifies skill gaps related to risk frameworks, regulatory requirements, control design, and assessment techniques, ensuring development plans address these needs.
+ Promotes cross‑training and shared ownership of GRC functions to reduce single‑points‑of‑failure and increase team resilience.
+ While accountable for the team’s output, actively cultivates a self‑organizing, autonomous, and collaborative team that consistently demonstrates accountability and continuous improvement.
+ Conducts regular 1:1s and development discussions to monitor progress, reinforce strengths, and close skill gaps.
+ Collaborates with peers to evaluate the effectiveness of resourcing models, proposing enhancements to better support team operations.
+ Maintains a strong understanding of emerging regulatory trends, risk frameworks (e.g., NIST CSF, HIPAA, SOC, ISO), and control expectations to inform program improvements.
+ Reinforces disciplined prioritization by ensuring the team focuses on the highest‑value, highest‑risk activities and commitments.
+ Designs and operates GRC processes with partner teams’ knowledge and needs in mind, ensuring risk governance activities are clear, intuitive, and easy to complete.
Our company is built on helping individuals and families, and this starts with our employees. We want employees to maintain a positive balance, which is why we provide access to the benefits and resources they need to invest in themselves. From our onsite fitness facilities and generous paid time off to employee professional development programs, we are committed to helping employees live and work their best – both inside and outside the office.
Unum is an equal opportunity employer, considering all qualified applicants and employees for hiring, placement, and advancement, without regard to a person's race, color, religion, national origin, age, genetic information, military status, gender, sexual orientation, gender identity or expression, disability, or protected veteran status.
The base salary range for applicants for this position is listed below. Unless actual salary is indicated above in the job description, actual pay will be based on skill, geographical location and experience.
$89,400.00-$183,500.00
Additionally, Unum offers a portfolio of benefits and rewards that are competitive and comprehensive including healthcare benefits (health, vision, dental), insurance benefits (short & long-term disability), performance-based incentive plans, paid time off, and a 401(k) retirement plan with an employer match up to 5% and an additional 4.5% contribution whether you contribute to the plan or not. All benefits are subject to the terms and conditions of individual Plans.
Company:
Unum