At Principal, we invest in what matters. And building dedicated teams is where it all begins. We're drawn to people who bring outstanding perspectives, passion, and expertise to help us advance the financial security and well-being of our customers. We also aim to transform our growing business and drive positive change in the communities where we live and work.
When we invest in you, and you invest in us, great things happen.
We are looking for an Information Security Officer (ISO) who will be responsible for the implementation of IT and cybersecurity standards across Principal's Asset Management business, working closely with regional and group security teams. The successful candidate will provide proactive guidance on security controls, evaluate risks and resources against emerging threats, and lead communication and coordination during cyber security incidents while strengthening the organization's network with second- and third-line teams.
What You'll Do
The ISO oversees core security domains including Security Operations, Identity Management, User Access Reviews, Data Loss Prevention, Patch Management, Cybersecurity Management, Asset Management, Awareness & Training, and Third‑Party Risk Assessment.
Core Responsibilities & Skills
- Assess security threats, vulnerabilities, and technology risks while ensuring compliance with Principal's Information Security Policy (ISP).
- Partner with IT teams to align security controls with ISP standards and drive effective implementation of security protocols.
- Anticipate emerging cyber threats and enforce industry‑standard and regulatory requirements.
Reporting
- Provide timely, concise security updates and insights to key stakeholders.
- Maintain clear communication channels and deliver accurate reporting on current risk posture and future outlook.
Cybersecurity Implementation & Governance
- Work with PI BISO and ISR teams to implement technologies, procedures, and policies aligned with the Principal Information Security Program.
- Serve as SME on local Information Security regulatory requirements.
- Implement and test adopted NIST controls within the member company.
- Coordinate compliance with information security, privacy laws, and local regulations.
- Develop and maintain country‑specific information security processes and procedures.
- Support internal and external IT audit activities.
- Continuously monitor and evaluate the efficiency of cybersecurity controls.
- Strictly govern adherence to established security protocols to maintain world-class standards.
Who You Are
- A degree holder in IT, Computer Science or an equivalent technical degree and relevant experience (CISSP, GIAC, etc.)
- At least 10 years of proven information security experience
- Strong writing, analytical, and communication skills with proven ability to engage collaborators at all levels
- Deep knowledge of IT and cybersecurity guidelines, industry frameworks (NIST 800‑53 and/or ISO 27000), and regulatory expectations
- Possess strong research, documentation, organizational, and relationship‑building capabilities
- Able to demonstrate leadership, critical thinking, and strong personal dedication
- Able to work under pressure, manage tight deadlines, and perform effectively in fast‑paced environments
Who We Are
Principal Financial Group is a Fortune 500 global leader in financial services focused on insurance, retirement, and asset management. We have 18,000 employees and 51 million customers around the world with over $714B in assets under management.