Senior Security Analyst
Job Title: Senior Security Analyst
Location: New Haven, CT 06473
Duration: Perm (FTE) role
- The Senior Security Analyst for Information Security Policy and Process will be responsible for performing day-to-day governance, compliance and risk management tasks attributed to Information Security and information technology.
- This position will work in conjunction with the Manager of Information Security Policy and Process to ensure that Information Security risk is properly identified and included in the IT Security Risk register.
- This position will include creating and managing information technology and organizational policies and standards in support of legal and regulatory compliance needs as well as general information technology and organizational information security policies and standards that improve the Information Security risk mitigation maturity of the Order.
- Assist in developing organizational security policies.
- Assist in defining information technology security standards.
- Work with various business units to ensure controls are adequate, appropriate, and effective.
- Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.
- Perform security and compliance assessments on new and existing systems, processes, and technology.
- Support internal and external audit process for relevant compliance concerns.
- Execute business impact analysis with guidance from the manager of IT Security Information Security Policy and Process.
- Assist in maintaining the information security risk register.
- Interface with information technology and lines of business to provide guidance and support.
- Perform periodic gap assessments to validate compliance on an ongoing basis.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
- Professionalism/Personal Accountability, Collaboration and Teamwork, Communication, Flexible and Adapts to Change, Service to Customers and Clients
- Working knowledge of legal and regulatory compliance standards and requirements such as NYDFS
- Strong understanding of the NIST CSF framework and other associated Information Security standards
- Ability to think diagnostically and critically in applying Information Security policy and process knowledge to Vendor evaluations
- Excellent written and oral communication skills.
- Strong work ethic with attention to detail.
- Ability to excel in a fast-paced and rapidly changing environment.
- CISM, CRISC, CISA, CISSP or other security management certification
- Experience with Compliance360 and ServiceNow GRC platforms
Education and Experience Qualifications:
- Bachelor's degree in Information Security, Cyber Security, Computer Science, or another related field
- 3-5 years’ experience with legal and regulatory compliance standards such as NYDFS
- Experience with IT Information Security policy and process management in an insurance and financial services environment
- Strong communication and interpersonal skills to collaborate with cross-functional teams
- Strong analytical and problem-solving skills capable of managing projects that drive business objectives
- Exceptional written, oral, and interpersonal communication skills
- Proficient in Information Security policy and process requirements and relevant principles, best practices and standards across insurance and financial services industry
- Ability to meet tight deadlines and to prioritize tasks
- Experience in performing vendor Information Security reviews
- Must be able to remain in a stationary position for a majority of the workday.
A reasonable, good-faith estimate of the minimum and maximum for this position is $100k/annum to $113k/annum, depending on levels mentioned here. This position will also include benefits.