The Senior Information Security Risk Analyst will lead the development and management of information security policies, standards and guidelines. This role is also responsible for working directly with our business partners to evaluate the business risk environment, assessing key control appropriateness and effectiveness, determining information security risk, and providing direction on the development of appropriate security measures to mitigate risk exposure.
In addition, the Senior Analyst will track remediation of any identified control gaps and deficiencies, analyze data for management reporting and ensure all cyber and data security requirements are in place.
IN THIS ROLE, YOU WILL:
- Develop, implement and maintain a policy management lifecycle process, including developing, implementing and communicating security policies, procedures, standards, best practices, guidance and controls.
- Continuously assess existing policies for relevancy and accuracy and work with business partners to identify and manage risks associated with policy violations and exceptions
- Contribute to management’s monthly reporting by analyzing and reporting on IT security controls and risk exposure.
- Ensure that all applicable regulatory requirements are addressed, and security controls are managed and maintained.
- Perform information security risk evaluations on reported IT issues and communicate impact of risk to parties involved.
- Participate in IT initiatives, as necessary, to ensure security control measures are addressed and embedded in business-as-usual activities prior to project completion.
- Experience working with various information security frameworks and standards, cybersecurity regulations and industry compliance requirements.
- Understand the security risk landscape and proactively identify the need for changes to existing controls to meet and exceed industry standards.
- Build and operate our security risk management processes: risk assessment design and execution, risk treatment, issue and action management portfolio oversight, insight analysis, and reporting
- Advise and collaborate with SMEs, including Audit & Compliance teams, to ensure design and testing of security controls are aligned with leading best practices and executed effectively to manage risk
- Develop and maintain performance (Key Performance Indicators - KPIs) and risk (Key Risk Indicators - KRIs) metrics for use and reporting by business areas.
WHAT YOU NEED TO APPLY:
- A Bachelor's degree in Computer Science or technology/information security-related field.
- Five to seven (5-7) years’ direct experience in an information security role where risk-based methodology is used.
- Expert knowledge of information security systems and procedures, strong analytical and problem-solving skills, excellent communication skills, expertise in computer networks.
- Familiarity with FAIR methodology
- Certified Information Systems Security Professional (CISSP) is a plus.
- Certified in Risk and Information Systems Controls (CRISC) or equivalent.
- Strong understanding of ISO-27000 based security program functional areas and other commonly accepted standards (e.g. NIST)
- Strong understanding of policy, compliance, and best practice security principles.
- Able to work independently with minimal guidance and act as coach to other team members as necessary.
- Experience leading through influence
- Communication experience, interpersonal experience, and experience working cross-functionally with various teams
It’s not just a job, it’s a career, and we are here to support you every step of the way. We want you to be successful and fulfilled. Through on-the-job experiences, personalized coaching and our robust learning and development programs, we encourage you – at every level – to grow and develop.
We offer comprehensive benefits to help you be healthy, build financial security, and balance work and home life. At The Hanover, you’ll enjoy what you do and have the support you need to succeed. Benefits include:
- Medical, dental, vision, life, and disability insurance
- 401K with a company match
- Tuition reimbursement
- Company Paid Holidays
- Flexible work arrangements
- On-site medical/wellness center (Worcester only)
The Hanover values diversity in the workplace and among our customers. The company provides equal opportunity for employment and promotion to all qualified employees and applicants on the basis of experience, training, education, and ability to do the available work without regard to race, religion, color, age, sex/gender, sexual orientation, national origin, gender identity, disability, marital status, veteran status, genetic information, ancestry or any other status protected by law.