Job Details

ID #46227585
State California
City San diego
Job type Permanent
Salary USD TBD TBD
Source ICW Group (Insurance Company of the West)
Showed 2022-10-05
Date 2022-10-04
Deadline 2022-12-02
Category Et cetera
Create resume

IT Governance Risk & Compliance Analyst

California, San diego, 92128 San diego USA

Vacancy expired!

Are you looking for more than just a job? Do you want to have a voice and feel a sense of belonging? At ICW Group, we hire innovative people who consistently adapt, grow and deliver. We believe in hard work, a fun work environment, and embracing creativity that only comes about when talented people collaborate to develop solutions. Our mission is to create the best insurance experience possible.

Headquartered in San Diego with regional offices located throughout the United States, ICW Group has been named for seven consecutive years as a Top 50 performing P&C company offering the stability of a large, profitable and growing company combined with a small-company entrepreneurial spirit. Our purpose-driven ethos provides team members with opportunities to contribute, develop, and belong.

The

IT Governance

Risk and Compliance Analyst will support companywide information security risk and governance programs by understanding company technology compliance requirements, performing control reviews against industry standards, identifying and mitigating technology risks, and supporting the completion of various IT governance initiatives. This position will assess and document the compliance and risk posture as it relates to information assets.

WHAT YOU WILL DO:

Supports information security risk and governance programs
  • Assists in the management of company compliance requirements such as Model Audit Rule, data privacy laws including CCPA, NYDFS, and industry certifications to ensure proper internal controls for reporting.
  • Develops and maintains technology related policies, procedures, and standards that address security requirements related to strategies, regulations, business & technology risks, and industry standards.
  • Performs information security control reviews and assessments across technology and business teams to address risk and compliance against various industry and technology frameworks (i.e., SSAE18 SOC2; NIST Cybersecurity Framework, COBIT, and ISO27001).
  • Identifies, quantifies, tracks, and leads mitigation of risks and control exceptions in collaboration with Third Party Risk program requirements and communicate results to department leadership.
  • Oversees and executes control activities such as periodic system access reviews to ensure activities meet defined requirements, policies, and regulations.
  • Performs information security risk assessments on third party vendors and external business partners in coordination with Third Party Risk Program.
Participates in the completion of various IT governance initiatives
  • Partners with team members to fulfill technology and information security related information requests (e.g., RFPs and RFIs, third party requests, and ad hoc technology reviews).
  • Assists with the creation, alerting, and monitoring of key department metrics to ensure effective system-wide security analysis, intrusion detection, and risk assessment.
  • Assists with the completion of IT Governance deliverables supporting IT Financial Management, IT Strategic Planning, and reporting to executives and senior leaders.
Develops industry knowledge in the field of regulations.
  • Supports and interprets information provided by Internal/External Audit for relevant compliance concerns.
  • Reviews, analyzes, and interprets controls for design and operational effectiveness to determine adherence to regulatory, contractual, and corporate policies and standards.
  • Shares industry information with the applicable stakeholder groups.
  • Keeps up to date on developing regulatory concerns, changing IT and information security trends.

WHAT YOU BRING TO THE ROLE:
  • Bachelor's degree (IT, Business, Accounting or Statistics) Required.
  • 6+ years of related experience and/or training
  • Experience in Sarbanes-Oxley or Model Audit Rule requirements.
  • Experience in applying IT control & security frameworks such as SSAE18 SOC2, COBIT, NIST Cyber Security Framework, ISO 27001.
  • Knowledgeable in Personal Identifiable Information, Personal Information, and Payment Card Industry compliance requirements.
  • CISA, CRISC, CISM, CISSP, and/or CGEIT preferred.

KNOWLEDGE AND SKILLS
  • Ability to apply fundamental Information Technology General Controls, concepts, practices, and procedures in area of Information Technology.
  • Understanding of fundamental information security concepts and technology.
  • Ability to develop security standards and guidelines based on best practices and industry standards.
  • Ability to read, analyze, and interpret industry control framework concepts.
  • Must be able to assess and apply the types of controls, such as detective, preventative and corrective.
  • Proven organizational, analytical and time management skills.
  • Demonstrated ability to negotiate and influence.
  • Excellent interpersonal skills.

CERTIFICATES, LICENSES, REGISTRATIONS
  • CISA, CRISC, CISM, CISSP, and/or CGEIT preferred.

WHY JOIN ICW GROUP?
  • A flexible work schedule, hybrid and remote opportunities
  • Challenging work and the ability to make a difference
  • You will have a voice and feel a sense of belonging
  • We offer a competitive benefits package, with generous medical, dental, and vision plans as well as 401K retirement plans
  • Want to continue learning? We'll support you 100%
ICW Group is committed to creating a diverse environment and is proud to be an Equal Opportunity Employer. ICW Group will not discriminate against an applicant or employee on the basis of race, color, religion, national origin, ancestry, sex/gender, age, physical or mental disability, military or veteran status, genetic information, sexual orientation, gender identity, gender expression, marital status, or any other characteristic protected by applicable federal, state or local law.

#LI-JD1

#dice

Vacancy expired!

Subscribe Report job