Sr Info Sec Assessment Analyst

About The Position

Requirements

• The ability to interface across the organization with other teams, such as system operations, infrastructure, security personnel, etc.
• Ability to manage supplier relationships.
• Proven ability to assess risks and controls and to identify solutions to reduce risk.
• Demonstrated initiative and commitment for results and the ability to set priorities and manage multiple initiatives.
• A working knowledge of Microsoft Office Suite.
• A solid foundation in compliance frameworks and security management standards (e.g., ISO 27001:2013, COBIT, and NIST).
• Excellent written and verbal communications skills.
• Ability to adjust to changing priorities while multitasking effectively.
• Ability to articulate security concepts to business users.
• Knowledge of security management standards.
• Experience with an IT GRC tool (i.e. Modulo, Archer, etc.).
• Bachelor's Degree in Computer Science, Information Systems, Risk Management
• Four or more years of related work experience
• Strong knowledge of information security policies, controls, and processes as well as infrastructure (networks, servers), databases, and Internet technologies
• Working knowledge of information security related laws, regulations, and industry standards (e.g., FFIEC, GLBA, HIPAA, and PCI DSS). Ability to translate these requirements into enterprise wide regulatory compliance and risk management processes in support of the Information Security program
• Experience in Financial Services or Insurance industry
• Or an equivalent combination of education and experience

Nice To Haves

• Certifications in Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar certifications

Responsibilities

• Identify, interpret, and communicate information security issues related to Aflac systems and third parties.
• Track and report on the status of issues and remediation plans as a result of the assessment output.
• Keep abreast of industry trends, emerging risks, and legal and regulatory changes, and participate in industry forums (e.g., BITS).
• Meet with business partners and technology teams regarding the integration points with enterprise wide processes such as strategic supply/procurement management, legal, security vulnerability management, etc.
• Engage in partnerships with these areas to maintain an understanding of their processes and the inter-relations with information security processes.
• Work with stakeholders in the third party risk management community regarding high risk information security issues associated with third parties.
• Partner with Legal, Sourcing, and Supplier Managers to evaluate and embed standard security provisions into contracts.
• Evaluate applicability of SOC 1 and SOC 2 security and confidentiality trust principles based on services provided by third parties to incorporate into contracts.
• Performs other related duties as required

Benefits

• medical, dental, and vision coverage
• prescription drug coverage
• health care flexible spending
• dependent care flexible spending
• Aflac supplemental policies (Accident, Cancer, Critical Illness and Hospital Indemnity offered at no costs to employee)
• 401(k) plans
• annual bonuses
• an opportunity to purchase company stock
• 11 paid holidays
• up to 20 days PTO
• state-mandated sick leave (Washington employees accrue 1-hour sick leave for every 40 hours worked)
• other leaves of absence, if eligible, when needed to support your physical, financial, and emotional well-being