Enterprise Security Analyst II - (GRC) Governance, Risk, and Compliance

Pekin Insurance · Pekin, IL
4d · $60,000 - $77,000 · Hybrid

About The Position

The Enterprise Security Analyst II proactively protects the integrity, confidentiality, and availability of information and informs management of the effectiveness of network and data security controls. This position assists with the development and implementation of Enterprise Security policies, standards, and guidelines.  The Enterprise Security Analyst II will review new and existing controls to ensure they meet security requirements and align with industry standards.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or related field
  • Typically requires 3+ years in IT audit, risk management or security compliance
  • Communicate effectively in both oral and written form
  • Exercise sound judgment in making critical decisions
  • Work as a team member and follow directions
  • Analyze, organize, and prioritize work while meeting multiple deadlines
  • Work comfortably in a fast-paced work environment 
  • Analyze and prepare documents, reports, and correspondence
  • Managing one’s own time and working independently 
  • Completing assignments accurately and with attention to detail
  • Compliance standards and security frameworks (COBIT, NIST, HIPAA, ISO27001/2, OWASP, PCI) 
  • Networking communication protocols used within information security technology solutions
  • Security regulations and security requirements that impact the insurance industry (GLBA, HIPAA, PCI)
  • Security best practices, policies, standards, and guidelines
  • Security architecture and secure implementation of new technology

Nice To Haves

  • Prior experience with Governance, Risk, and Compliance (GRC) platforms
  • Certifications related to cyber security preferred, such as Security+, Certified Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA)

Responsibilities

  • Performs Governance, Risk, and Compliance (GRC) activities and procedures and implements security best practices across the enterprise to identify, analyze, and mitigate potential IT risks
  • Creates, reviews, and implements corporate information security policies and procedures
  • Conducts vendor risk assessments on new and current technology to evaluate the security posture of third-party procedures
  • Recommends controls for reporting, analyzing, and reducing the impact of security incidents
  • Prepares, analyzes, and presents risk reports to management and internal stakeholders
  • Assists with security assessments and penetration tests for risk reporting and mitigation
  • Ensures information technology changes are assessed for impact on security aspects, including the Information Security Policy, security controls, and standards
  • Attends change advisory board meetings when appropriate
  • Conducts and assists with the development of security awareness training material
  • Keeps current with security industry standards and appropriate government regulations
  • Provides mentoring for junior level analysts and interns
  • Performs other duties as assigned

Benefits

  • Health, Dental and Vision Insurance
  • Generous 401(k) with company match
  • Paid Time Off (PTO) with Paid Holidays
  • Flexible/Hybrid Work Schedule
  • Paid Volunteer Program