Established nearly two centuries ago, FM is a leading mutual insurance company whose capital, scientific research capability and engineering expertise are solely dedicated to property risk management and the resilience of its policyholder-owners. These owners, who share the belief that the majority of property loss is preventable, represent many of the world’s largest organizations, including one of every four Fortune 500 companies. They work with FM to better understand the hazards that can impact their business continuity to make cost-effective risk management decisions, combining property loss prevention with insurance protection.
Schedule & Location: This position requires on-site work one day per week at our Corporate Headquarters and flexibility to be on-site when needed based on the demands of the business.
Relocation is not offered for this position.
Summary
FM is seeking a Principal Information Security Analyst with deep expertise in cybersecurity regulatory compliance and oversight. In this high-impact role, you will lead the execution of FM’s global cybersecurity regulatory compliance program, ensuring the organization proactively identifies, understands, and responds to evolving global cybersecurity requirements.
You will play a critical role in protecting FM by evaluating how cybersecurity regulatory expectations apply to our systems, data, and internal processes, and translating those requirements into actionable controls and practices. This is a highly visible role where your expertise in cyber risk, regulatory frameworks, and control design will help shape business decisions, strengthen our security posture, and ensure ongoing alignment with regulatory obligations.
You will partner closely with security, technology, risk, legal, and business teams to identify gaps, define expectations, and recommend practical, business-aligned solutions. Additionally, you will act as a primary point of coordination for external cybersecurity inquiries, including regulators, auditors, and clients.
You will lead end-to-end cybersecurity regulatory assessments and control evaluations, going beyond standard compliance activities to evaluate alignment across systems, data, and technical processes.