Amerisure Insurance

Senior IT Security Risk Analyst

Amerisure Insurance$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree or equivalent experience.
  • 5 years of cybersecurity experience.
  • Advanced professional certification in Cyber Risk Management required (CISSP, CISM, CRISC, CCSP, AWS Security).
  • 2 years of experience in IT security control testing.
  • Experience in reviewing SOC 2 Type 1 and Type 2 reports.
  • Expertise in third-party cyber risk assessments.
  • Proficient in NIST security frameworks.

Responsibilities

  • Perform security risk assessments of third-party vendors including AI and mobile app reviews.
  • Lead the review and communication of cybersecurity policies and procedures.
  • Maintain the IT Risk Register, providing metrics for leadership.
  • Conduct risk assessments of IT risks.
  • Map regulations to organizational policies and controls.
  • Create risk and compliance metrics for management.
  • Support IT audits and controls regarding Model Audit Rule (MAR).

Benefits

  • Hybrid working model (3 days in-office).
  • Opportunity to develop and mentor team members.
  • Access to advanced threat intelligence tools.
  • Support for continuous improvement of security processes.
  • Engagement with leadership in cybersecurity strategy.
  • Professional development opportunities related to certifications and training.
Full Job Description
Amerisure is currently recruiting for a Senior IT Security Risk Analyst that can do a 3-day hybrid approach onsite in our Farmington Hills office. The ideal candidate will also possess the following skill set.

Summary Statement

The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design, implementation, and continuous improvement of the IT risk program, ensuring alignment with regulatory requirements (e.g., New York State Department of Financial Services, NIST CSF) and business objectives.

Essential Tasks/Major Duties
  • Perform security risk assessments of third-party vendors including AI and mobile application reviews.
  • Lead the review, update, and communication of cybersecurity policies, standards, and procedures to ensure alignment with global frameworks (e.g., NIST CSF, NYDFS, NIS2, PCI DSS).
  • Lead and maintain the IT Risk Register including metrics which provides leadership an overall view of IT risk.
  • Perform risk assessments of IT risks.
  • Map regulations to policies and controls.
  • Create risk and compliance metrics for management and compliance purposes.
  • Perform control testing and validation to ensure proper control effectiveness.
  • Support IT audits and controls around Model Audit Rule (MAR).
  • Monitor threat intelligence to determine potential impact to environment and remediation urgency.
  • Support vulnerability management program, daily security operations and identity tasks as needed.
  • Be a key advisor to leadership, translating cybersecurity risk into business impact and enabling informed decision-making.


Knowledge, Skills & Abilities
  • Bachelor's degree or equivalent combination of education and experience.
  • 5 years cybersecurity experience.
  • Advanced Cyber Risk Management domain specific professional certification required: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); Certified in Risk and Information Systems Control (CRISC); Certified Cloud Security Professional (CCSP); AWS Certified Security.
  • 2 years experience performing IT security control testing.
  • Experience reviewing SOC 2 Type 1 and Type 2 reports to articulate potential security risk.
  • Expertise in conducting third-party cyber risk assessments.
  • Proficient in NIST security domain frameworks and architectures.
  • Experience in Logicgate or another GRC tool.
  • Experience using AI driven tools to enhance automation and operational efficiency.
  • Ability to quickly diagnose security control problems and propose/implement solutions.
  • Clear and concise articulation of risk to both technical peers and non-technical stakeholders.
  • Partner with IT teams, developers, and business leaders to support security initiatives, and mentor and develop members of the security team.
  • Analyze data and security trends to anticipate and assess potential threats.
  • Stay current with regulations, evolving threats, technologies, and security protocols.


#LI-BR1

About Amerisure Insurance

Amerisure Insurance is a property and casualty insurance company that provides commercial insurance products for businesses. The company's products include workers' compensation, general liability, automobile, property, and umbrella insurance. Amerisure Insurance was founded in 1912 and is headquartered in Farmington Hills, Michigan.
Learn more about Amerisure Insurance
Size
900 employees
Industry
Founded
1912

Similar Jobs

More Jobs at Amerisure Insurance

More Information Technology Jobs

Find similar Senior IT Security Risk Analyst jobs: