Senior IT Security Risk Analyst

The Auto Club Group (ACG) provides membership, travel, insurance and financial services offerings to approximately 9 million members and customers across 11 states and 2 U.S. territories through the AAA, Meemic and Fremont brands. ACG belongs to the national AAA federation and is the second largest AAA club in North America.

Primary Duties and Responsibilities (details of the basic job functions):

The Senior Information Security Risk Analyst develops and implements a comprehensive information security risk management program. This includes defining key risk indicators, risk registers, processes and standards. The Senior Information Security Risk Analyst works with various departments to identify, measure, and report on risk based on information assets. A key focus of the Senior Information Security Risk Analyst is to design and support the IT GRCM solution. This position works closely with Information Security Engineering and Analysts.

Duties include:

  • Continuously identify, assess, measure and monitor information technology risk by performing hands-on risk assessments.
  • Identify and communicate recommended security and control deficiencies for business units. Document and monitor the implementation of controls for applications, technologies & assets.
  • Review vendor contracts for compliance with Information Security requirements and recommend appropriate language as necessary.
  • Review and maintain assessment criteria of applications & systems for measuring compliance of company policies, procedures, standards, security training programs, technical infrastructure, applications and development efforts against defined compliance baselines.
  • Provide guidance in managing risk on Windows servers and desktops, Active Directory (Group Policy), network communications, company data stores, perimeter networks, virtual private networks, and e-mail communications.
  • Work closely with Enterprise Risk, Procurement, Internal Audit & Compliance to identify compliance baselines from legislative requirements and corporate objectives.
  • Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in-line with overall information security objectives and risk tolerance.
  • Review and maintain all IT risk management policies, practices and procedures.
  • Design, implement and maintain an IT GRC or similar tool to conduct risk management activities.
  • Work with technology and business teams to facilitate risk assessments, risk evaluation and reporting.
  • Work with technology and business teams to develop and document risk mitigation action plans, along with recommendations to reduce information security risk within their areas.
  • Coordinate activity for vendor risk assessments and track changes that impact risk to ACG.
  • Working with information security leadership, develop strategies and plans to enforce security requirements and address identified risks.
  • Provide mentorship to other members of the IT risk security team.

Preferred Qualifications:

  • At least 5 years of experience in Information Security Risk or similar position with insurance or financial services industry.
  • Master's degree in Computer Science, Information Systems, or Business Administration preferred.
  • Security Certification (CISSP, SSCP, GIAC, CEH, etc.) preferred. Required if no degree.

Work Environment:

Works in a temperature controlled office environment.

Required Qualifications (these are the minimum requirements to qualify):

Education (include minimum education and any licensing/certifications):

  • College coursework in Computer Science, Information Systems, or Business Administration – with degree preferred.
  • Security Certification (CISSP, SSCP, GIAC, CEH, etc.) required if no degree.


  • Developing, maintaining and updating key risk indicators & risk registers for IT.
  • Developing, documenting, maintaining and supporting the information security risk management program in line with information security policy, practices and leading industry standards.
  • Understanding information security risks pertinent to the business goals and technology infrastructure, and designing an enterprise information security risk program to identify, assess and respond to risks.
  • Prepare and present risk assessment reports to system owners, business units and others.
  • Familiarity with different system platforms including web applications, web services, mainframe and UNIX.
  • IT GRCM software
  • Vulnerability assessment management software

Knowledge and Skills:

  • TCP/IP networking protocols
  • Microsoft applications such as Office, PowerPoint and Visio
  • Regulatory requirements such as PCI, FFIEC and Gramm-Leach-Bliley Act
  • Strong oral and written communication skills to include report/proposal preparation and presentation (a writing and/or presentation sample may be required at time of interview).
  • Conduct risk assessments & analysis
  • Communicate effectively to large and small audiences
  • Work well under minimal supervision
  • Various applications and architecture

The Auto Club Group offers a competitive compensation and benefits package including a base salary with performance-based incentives; medical/dental/vision insurance, pension, 401(k), generous time off, a complimentary AAA Membership and much more!

The Auto Club Group, and all of its affiliated companies, is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, disability or protected veteran status.
