Insurity is one of the largest property and casualty insurance technology and services providers with more than 700 employees and 250 clients. With more than 30 years of domain expertise, we have combined a deep understanding of the insurance business and technology expertise into a singular focus: empowering our clients with innovative and flexible technology that allows them to meet their business goals and offer a simplified insurance experience.
InfoSec GRC Analyst
The Insurity Enterprise Security Team is currently in search of a Governance, Risk and Compliance (GRC) Analyst to improve upon and streamline regulatory, privacy and compliance initiatives. As an analyst, you will oversee and advise various groups within Insurity, guiding them and holding them accountable to ideal compliance with governance requirements. The perfect candidate will be a self-driven expert in data security and data protection laws and regulations such as SOX, AICPA SOC, PCI, HIPAA, GDPR, CCPA, etc. You will be responsible for managing projects, providing repeatable processes, driving initiatives forward and mentoring internal users for each area of risk, all with little oversight. Security and governance related certifications such as CRISC or CIPP are a plus.
Location: This position may be based out of our Denver, CO, Hartford, CT or Montreal, QC office.
What you'll be doing:
- Prepare for and manage functional compliance readiness
- Prepare for and participate in IT and Governance Audits
- Track and ensure compliance with IT and security controls covering a wide range of regulations
- Answer and liaise on customer questionnaires and inquiries
- Stay educated on international and state-specific data protection laws and ensure ongoing compliance
- Follow up with responsive and unresponsive teams driving progress on tracked issues
- Craft and prepare metrics and KPIs for CISO and executive management review
- Support information security, compliance and governance inquiries from other teams within Insurity
- Track, update and draft clear, concise Policies, Standards, Procedures and Guidelines
- Review, update and test governance plans such as the BCP, IRP and DR plans
- Track and audit risk management and risk management strategies for the organization
- Draft and create customer marketing regarding security, compliance and regulatory standards
- Work closely with technical and non-technical teams to meet regulatory controls
- Audit, investigate and inquire on specific controls and requirements as needed
What you'll need:
- 3-5 years of experience working in a GRC role
- Work experience successfully managing projects and tasks within a large company with multiple departments
- Comprehensive understanding and experience in various IT and security frameworks
- Comprehensive understanding and experience in various state and international Data Protection laws
- Highly proficient written and oral English communication skills
- Detail-oriented work style
- Mastery of converting business and technical risks into actionable tactical tasks
- Knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls
- Experience working with and managing policies, procedures, standards and guidelines related to SSAE18, NIST and PCI
- Governance related certifications such as CRISC, CIPP, PMP are a plus