Information Security Analyst

Qualifications

Minimum Education Level: Bachelor's

Job Summary 
  
The Information Security Analyst will be part of the Information Security Governance, Risk, and Compliance (GRC) team and will consistently apply a risk-based methodology to identify and communicate a range of cybersecurity risks. Analysts may provide recommendations to customers on security countermeasures and controls for risks to their systems and data; lead security education, training, and awareness efforts; independently perform security risk assessments; support team members in responding to security incidents; create and champion corporate security policies; identify, document, and track security exceptions; recognize and escalate security violations; and lead efforts to automate GRC processes. Analysts should demonstrate the following:
  • Analytical and critical thinking skills to create and articulate logical, risk-based outcomes
  • Commitment to being detail-oriented and observant in order to identify opportunities for process improvement
  • Capable of being diplomatic and professional when engaging with internal stakeholders or external business partners
  • Consistently proactive in initiating assigned tasks and identifying opportunities to contribute to the team’s success
  • Capable of independently managing workload, prioritization, and deadlines
  • Excellent writing, communication, and presentation skills
  • Communicates early and often when challenges are encountered
  • High level of productivity and sense of urgency when managing assignments
  • Add value to the team by meeting ambiguity with flexibility and creativity

Essential Job Functions

Stakeholder Management (10%):
  • Coordinate and manage GRC services provided to a customer end-to-end.
  • Interface with global IT and security teams to ensure consistent level of service.
  • Communicate the value of information technology (IT) security throughout all levels of the organization’s stakeholders.

Project Management (10%):
  • Serve as a point of contact for assigned security projects/initiatives. Demonstrate ownership of assigned projects/initiatives from initiation to completion.
  • Perform security reviews, identify gaps, and develop a security risk management plan.
  • Consistently achieve deadlines by submitting deliverables both early and on time. Proactively communicate when deadlines will not be met and be able to articulate the justification.

Security Strategy, Governance, and Oversight (20%):
  • Champion security policies, procedures, standards, and guidelines in daily interactions with end users.
  • Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.

Security Risk Management & Reporting (20%):
  • Validate data collected for security reporting.
  • Develop acumen in identifying, assessing, documenting, and articulating data security and data privacy risks.
  • Develop acumen in identifying and articulating appropriate countermeasures and controls to address data security and data privacy risks.
  • Assess threats to and vulnerabilities of computer system(s) to develop a security risk profile.
  • Conduct supplier data security risk assessments, project security assessments, business risk assessments, and security testing.

IT & Security Platforms, Incident Management & Compliance (20%):
  • Assist with evidence gathering for security compliance reviews, security assessments, or cybersecurity incidents and events.
  • Recognize a possible security violation and take appropriate action to report the incident, as required.
  • Participate in audits of cyber programs and projects. Track audit findings and recommendations to ensure that appropriate mitigation actions are taken. Demonstrate ownership of assigned audit actions or regulator requests by diligently providing responses and evidence within established timeframes.

Technology Expertise (5%):
  • Develop working knowledge and expertise in the various security platforms at Farmers.

Professional Development and Work Ethic (15%):
  • Identify development needs to enhance skills, knowledge, and competencies for professional strengths and improvement areas.
  • Take ownership of achieving development goals to enhance cybersecurity expertise, interpersonal skills, and personal brand.
  • Consistently demonstrate integrity and reliability by fostering trusting relationships with coworkers and stakeholders.
  • Consistently demonstrate sense of personal responsibility for job performance and completing projects.
  • Consistently demonstrate emphasis on quality by seeking to meet or exceed expectations.
  • Consistently demonstrate discipline by seeing assignments through to the end.
  • Consistently demonstrate sense of teamwork by helping the team meet its goals and delivering quality work.
Posted: August 21, 2018