This Security Analyst is responsible for maintaining solid knowledge of IT Security and Compliance concepts around industry regulations and standards, controls, audit requirements, compliance, identity management, development, and IT infrastructure. This function supports IT-related security and compliance functions. This position can also maintain and execute procedures for enforcing Assurant Security Policies & Standards, regulatory requirements, contractual agreements/obligations and any other IT-related security and privacy requirements.
The candidate must possess a strong understanding of security infrastructure components, good analytical and troubleshooting skills and have the ability to perform problem resolution and make process improvements.
50% - Support and maintain systems and processes related to governance, risk and compliance functions
- Collaborate with various Assurant GRC personnel to actively identify risks that will need to be added to and monitored via the risk registry
- Support maintenance of the IT Risk Register
- Escalate critical/high risk items to management in a timely manner
- Track remediation/mitigation of identified risks
- Conduct risk assessments on assigned initiatives
- Participate in continuous process improvement of the IT risk management process
- Maintain & report risk-related metrics and documentation
40% - GRC Platform Administration and Support
- Maintain requirements and governance documentation for GRC implementation
- Administer GRC Platform (hands-on configuration, user management, etc.)
- Model effective technical and professional skills, and share knowledge with others
- Provide day-to-day monitoring of application and performance of GRC Platform
- Identify and respond to GRC Platform events and incidents
- Identify and resolve problems and issues in a timely manner
10% - Project Support
- Participate in medium to large projects
- Manage multiple projects/issues concurrently
- Organize and participate in meetings required for each project
- Provide Lead Security Analyst or Manager with a weekly status report
- Identify and inform Lead Security Analyst or Manager of any issues, concerns, or vulnerabilities within the project
- Accountable for delivering project plans, test plans, tasks and communicating progress or issues on projects
- 3+ years of experience working with IT or Information Security/GRC, legal, audit, compliance
- 1+ years of hands-on administration experience with a GRC Platform or tool
- Experience working with Risk Management Frameworks like NIST RMF, COSO’s Enterprise Risk Management, ISACA’s Risk IT, etc.
- Experience contributing as a virtual team member
- Familiarity with Industry Regulations & Standards such as HIPAA, GLBA, SOX, PCI-DSS, ISO, etc.
- Bachelor’s degree in Information Systems, Business Management, Computer Science, Engineering, Accounting, Finance, Audit
- Professional certification(s) (CISA, Security+, MCSE, CNA/CNE, CISSP)
- Strong knowledge of general controls and processes
Requisition Number 52566