IT Governance Risk & Compliance Analyst

Full Time

Job Description

Are you looking for more than just a job? Do you want to have a voice and feel a sense of belonging? At ICW Group, we hire innovative people who consistently adapt, grow and deliver. We believe in hard work, a fun work environment, and embracing creativity that only comes about when talented people collaborate to develop solutions. Our mission is to create the best insurance experience possible.

Headquartered in San Diego with regional offices located throughout the United States, ICW Group has been named for seven consecutive years as a Top 50 performing P&C company offering the stability of a large, profitable and growing company combined with a small-company entrepreneurial spirit. Our purpose-driven ethos provides team members with opportunities to contribute, develop, and belong.

The IT Governance Risk and Compliance Analyst will support companywide information security risk and governance programs by understanding company technology compliance requirements, performing control reviews against industry standards, identifying and mitigating technology risks, and supporting the completion of various IT governance initiatives. This position will assess and document the compliance and risk posture as it relates to information assets.
Supports information security risk and governance programs
  • Assists in the management of company compliance requirements such as Model Audit Rule, data privacy laws including CCPA, NYDFS, and industry certifications to ensure proper internal controls for reporting.
  • Develops and maintains technology related policies, procedures, and standards that address security requirements related to strategies, regulations, business & technology risks, and industry standards.
  • Performs information security control reviews and assessments across technology and business teams to address risk and compliance against various industry and technology frameworks (e.g., SSAE18 SOC2, NIST Cybersecurity Framework, COBIT, and ISO 27001).
  • Identifies, quantifies, tracks, and leads mitigation of risks and control exceptions in collaboration with Third Party Risk program requirements, and communicates results to department leadership.
  • Oversees and executes control activities such as periodic system access reviews to ensure activities meet defined requirements, policies, and regulations.
  • Performs information security risk assessments on third party vendors and external business partners in coordination with Third Party Risk Program.

Participates in the completion of various IT governance initiatives
  • Partners with team members to fulfill technology and information security related information requests (e.g., RFPs and RFIs, third party requests, and ad hoc technology reviews).
  • Assists with the creation, alerting, and monitoring of key department metrics to ensure effective system-wide security analysis, intrusion detection, and risk assessment.
  • Assists with the completion of IT Governance deliverables supporting IT Financial Management, IT Strategic Planning, and reporting to executives and senior leaders.

Develops industry knowledge in the field of regulations
  • Supports and interprets information provided by Internal/External Audit for relevant compliance concerns.
  • Reviews, analyzes, and interprets controls for design and operational effectiveness to determine adherence to regulatory, contractual, and corporate policies and standards.
  • Shares industry information with the applicable stakeholder groups.
  • Keeps up to date on developing regulatory concerns, changing IT and information security trends.

  • Bachelor's degree (IT, Business, Accounting or Statistics) required.
  • 6+ years of related experience and/or training
  • Experience in Sarbanes-Oxley or Model Audit Rule requirements.
  • Experience in applying IT control & security frameworks such as SSAE18 SOC2, COBIT, NIST Cyber Security Framework, ISO 27001.
  • Knowledgeable in Personally Identifiable Information, Personal Information, and Payment Card Industry compliance requirements.
  • CISA, CRISC, CISM, CISSP, and/or CGEIT preferred.

  • Ability to apply fundamental Information Technology General Controls, concepts, practices, and procedures in the area of Information Technology.
  • Understanding of fundamental information security concepts and technology.
  • Ability to develop security standards and guidelines based on best practices and industry standards.
  • Ability to read, analyze, and interpret industry control framework concepts.
  • Must be able to assess and apply the types of controls, such as detective, preventative and corrective.
  • Proven organizational, analytical and time management skills.
  • Demonstrated ability to negotiate and influence.
  • Excellent interpersonal skills.


Dice Id : 10123200
Position Id : 8484de06-7cfa-44d3-ac59-3b8c0a392135
Originally Posted : 5 months ago