Information Security Risk Analyst
The Auto Club Group (ACG) provides membership, travel, insurance and financial services offerings to approximately 9 million members and customers across 11 states and 2 U.S. territories through the AAA, Meemic and Fremont brands. ACG belongs to the national AAA federation and is the second largest AAA club in North America.
Primary Duties and Responsibilities (details of the basic job functions):
The Information Security Risk Analyst implements and maintains a comprehensive information security risk management program. This includes defining key risk indicators, risk registers, processes and standards. The Information Security Risk Analyst works with various departments to identify, measure, and report on risk based on information assets. A key focus of the Information Security Risk Analyst is to maintain and support the IT GRCM solution. This position works closely with Information Security Engineering and Analysts.
- Continuously identify, assess, measure and monitor information technology risk by performing hands-on risk assessments.
- Identify and communicate recommended security and control deficiencies for business units. Document and monitor the implementation of controls for applications, technologies & assets.
- Maintain assessment criteria of applications & systems for measuring compliance of company policies, procedures, standards, security training programs, technical infrastructure, applications and development efforts against defined compliance baselines.
- Work closely with Enterprise Risk, Internal Audit, Procurement & Compliance to identify compliance baselines from legislative requirements and corporate objectives.
- Develop, document, maintain and support the information security risk management program in line with information security policy, practices and leading industry standards.
- Understand information security risks pertinent to its business goals and technology infrastructure and support an enterprise information security risk program to identify & assess and respond to risks.
- Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in-line with overall information security objectives and risk tolerance.
- Work with technology and business teams to develop and document risk mitigation action plans, along with recommendations to reduce information security risk within their areas.
- Assist with vendor assessments for evaluations and tracking of risk changes.
- Working with information security leadership, develop strategies and plans to enforce security requirements and address identified risks.
Supervisory Responsibilities (briefly describe, if applicable, or indicate None):
- At least 3 years of experience in Information Security Risk related position for insurance or financial services industry.
- Masters degree in Computer Science, Information Systems, or Business Administration preferred.
- Security Certification (CISSP, SSCP, GIAC, CEH, etc) preferred. Required if no degree.
Works in a temperature controlled office environment.
Required Qualifications (these are the minimum requirements to qualify):
Education (include minimum education and any licensing/certifications):
- College coursework in Computer Science, Information Systems, or Business Administration – with degree preferred.
- Security Certification (CISSP, SSCP, GIAC, CEH, etc) required if no degree.
- Documenting IT risk management policies, practices and procedures.
- Developing, maintaining and updating key risk indictors & risk registers for IT.
- Monitoring and tracking the status of risk mitigation plans.
- Supporting and maintaining an IT GRC or similar tool to conduct risk management activities.
- Working with technology and business teams to facilitate risk assessments, risk evaluation and reporting.
- Prepare and present risk assessment reports to system owners, business units and others.
- Familiarity with different system platforms including web applications, web services, mainframe UNIX and Windows
- IT GRCM software
- Vulnerability assessment management software
Knowledge and Skills:
- Various applications and architecture
- TCP/IP networking protocols
- Microsoft applications such as Office, PowerPoint and Visio
- Regulatory requirements such as PCI, HIPAA, FFIEC and Gramm-Leach-Bliley Act
- Strong oral and written communication skills to include report/proposal preparation and presentation (a writing and/or presentation sample may be required at time of interview)
The Auto Club Group offers a competitive compensation and benefits package including a base salary with performance based incentives; medical/dental/vision insurance, pension, 401(k), generous time off, a complimentary AAA Membership and much more!
Important Note: The above statements describe the principal and essential functions, but not all functions that may be inherent in the job. This job requires the ability to perform duties contained in the job description for this position, including, but not limited to, the above requirements. Reasonable accommodations will be made for otherwise qualified applicants, as needed, to enable them to fulfill these requirements.
The Auto Club Group, and all of its affiliated companies, is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, disability or protected veteran status.
Meet Some of The Auto Club Group's Employees
ERS Product Specialist
Sabri assists Auto Club Group members in need of emergency roadside assistance, providing the relief they require by sending mechanic services and offering a little laughter.
Back to top