Position Overview: A premier reinsurance firm is looking to add a Security Analyst (GRC) to its Security team who will take ownership of the third-party vendor assessment program. In addition, the analyst will assist with other cyber GRC areas, including client due diligence, security awareness, regulatory response, audit remediation, security controls strategy, and ad-hoc projects.
Essential functions of the position:
Manage the third-party vendor assessment process by reviewing vendor assessment questionnaires and the supporting evidence vendors provide, such as SOC 2 reports and ISO 27001 certifications. Validate that the vendor's controls actually exist and operate by reviewing that evidence, and lead remediation efforts where a vendor's controls are deficient. Ensure that internal business partners are aware of any residual risk, and work with Legal when specific control requirements need to be written into contracts. Prioritize and track assessments, and report regularly on progress, issues, and challenges for executive reporting.
Stay actively aware of, and participate in, other GRC activities so that you can ensure continuity of those activities when demand peaks.
Research security controls for various IT platforms and solutions, and translate both their technical and non-technical aspects for key stakeholders. Ensure that security controls are deployed in alignment with the Security Team's goals by partnering with Infrastructure and Engineering.
Provide cyber hotline coverage for the Eastern Time zone, which includes responding to general cyber questions, analyzing reported emails, and escalating high-priority events.
• A Bachelor’s degree in Cyber Security, Information Technology, or a related field.
• 2-5 years of experience in Governance, Risk, and Compliance within Information Security.
• A solid understanding of the interplay between Information Security, Infrastructure, and Engineering.
• An audit-like mindset for uncovering control gaps and areas for improvement.
• Experience working in a global and matrixed organization across functions and geographies.
• Excellent communication skills with internal and external parties.
• Ability to keep meticulous records of activities performed.
• Pluses: experience with a phishing platform, Jira, Azure, and Office 365 E5.
• Nice-to-have skills (not required): PowerShell, Python, VBA.
• CompTIA Security+ or a similar certification (e.g., CySA+, CISSP, CISA, CISM, CEH, GISF) preferred.