Information Security/Cyber GRC Analyst


Protective Life

💵 $68k-$100k
📍Remote - United States

Summary

Join Protective as an Information Security GRC Analyst and contribute to impactful work protecting millions of lives. You will manage and execute the organization's IS GRC programs, ensuring compliance with regulations and internal policies. Collaborate with stakeholders and vendors, combining business acumen and technical skills to manage risk assessments, policy development, and compliance initiatives. Measure program efficacy, communicate metrics, and recommend improvements. Foster a collaborative environment and contribute to the design, implementation, and optimization of IS GRC applications or solutions. This role requires strong communication, collaboration, and technical skills, along with experience in risk management and compliance. The position offers a competitive salary and a comprehensive benefits package.

Requirements

  • Experience contributing to IS GRC program initiatives and supporting the execution of risk assessments
  • Excellent project, organizational, and content management skills
  • Strong understanding of various state and federal regulatory requirements and compliance standards
  • Practical knowledge and experience with compliance and security framework standards such as SOX, PCI, SOC, NIST, ISO 27001, HITRUST, HIPAA and HITECH required
  • Excellent communicator and storyteller, adept at collaborating with various groups of people
  • Proven ability to track and measure IS GRC program effectiveness using solutions such as SharePoint, Power BI, ServiceNow, and Archer
  • Experience in developing and presenting related training materials
  • Ability to provide continuous improvement feedback of the IS GRC program and present improvements at least yearly to leadership
  • General knowledge of security tools, solutions, and appliances supporting security domains such as network security, email and endpoint security, vulnerability scanning, access controls, and log management
  • Minimum of 2 years of experience in IT security, risk management, compliance, or audit required

Responsibilities

  • Provide support and contribute to the InfoSec GRC programs such as: Risk Management, Third Party/Vendor Management, Vulnerability/Threat Management, Compliance Management, RFP Process Management and others
  • Collaborate with different departments in the analysis, response, and document packages of RFPs and security questionnaires as required by clients and sales support
  • Assess and monitor security processes and controls to assure compliance with applicable security frameworks, regulatory, and client requirements as well as promote good information security practices
  • Generate reports on assessment findings and summarize them to facilitate remediation tasks for other IT operational teams
  • Conduct the formal risk analysis and self-assessment program for the various Protective brands and their associated information services systems, processes, and infrastructure
  • Assist internal and external auditors with SOC2 and HITRUST audit engagement, data/artifact collection, exception remediation and monitoring
  • Contribute to maintenance and update of library of information security control standards and procedures based on Information Security policies and procedures and industry best practices
  • Maintain awareness of changes or updates to security control frameworks, compliance laws, and statutes, and identify their impact on the business and its security posture
  • Compile management reports, summary analysis, and detailed presentations to describe risk, controls, and maturity assessments
  • Conduct or participate in the cross training sessions with the IT Security team in the management and configuration of security tools and technical controls
  • Prioritize, evaluate, resolve and escalate issues or tasks as required
  • Provide appropriately detailed and timely follow-up support with customers (internal and external)
  • Provide updates, status, and completion information to the team using Agile methodologies
  • Troubleshoot and resolve security related IS GRC and technical issues effectively and efficiently
  • Facilitate information security awareness programs and facilitate periodic awareness training, phishing campaigns, security newsletters and publications
  • Key contributor to the design, implementation, and optimization of the IS GRC application or solutions

Preferred Qualifications

  • Strong consideration will be given to candidates with Azure or other cloud services experience
  • Basic technical understanding of cloud service models such as IaaS, SaaS, and PaaS
  • A bachelor's degree in Computer Science, Information Technology, or a related field is preferred, or applicable experience
  • Certified Information Security Auditor (CISA)
  • Certified in Risk Information Systems Controls (CRISC)
  • GIAC Security Essentials or Professional Certification (GSEC/GISP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Cloud Security Professional (CCSP)
  • Certified Insurance Data Security Professional (CIDSP)
  • CompTIA Security+
  • Azure/AWS Security Certifications

Benefits

  • Comprehensive health, dental and vision insurance
  • Mental health benefits and an employee assistance program
  • A variety of paid time away benefits (e.g., paid time off, paid parental leave, short-term disability, and a cultural observance day)
  • Contributions to healthcare accounts
  • A pension plan
  • A 401(k) plan with Company matching
  • ProHealth Rewards, Protective’s platform to improve wellbeing while earning cash rewards
  • Annual incentive based on individual and Company performance