Hagerty · 7 hours ago
Security Risk Analyst II
United States
Full-time
Remote
Entry, Mid Level
2+ years expHagerty is an automotive enthusiast brand and the world’s largest membership organization. They are seeking a Security Risk Analyst II to support the Governance, Risk & Compliance program, focusing on conducting risk assessments and managing compliance with various frameworks.
Auto InsuranceInsuranceInsurTech
Responsibilities
Perform comprehensive security and compliance risk assessments using ServiceNow IRM Risk, Policy & Compliance, and Vendor Risk modules
Review and validate inherent and residual risk scoring, ensuring consistent application of risk methodologies
Evaluate control effectiveness using evidence, documentation, interviews, and technical data
Identify security risks, gaps, and vulnerabilities across processes, technologies, vendors, and applications
Document detailed findings, recommendations, and remediation plans
Create, update, and manage risk records, assessments, workflows, indicators, and control attestations
Support enhancements to IRM processes, playbooks, and automation capabilities
Assist with platform data integrity, reporting, dashboards, and process optimization
Support ongoing compliance efforts aligned to ISO 27001, PCI, NYDFS, and other regulatory frameworks
Participate in internal and external audit readiness activities by gathering evidence, validating controls, and tracking requirements
Maintain documentation including policies, standards, risk methodology, and control libraries
Work closely with business owners, security engineers, procurement, and IT teams to explain risks and required actions
Track remediation plans, validate closure, and assist teams in interpreting control obligations
Present risk findings and trends to GRC leadership and cross-functional teams
Produce dashboards and risk reports from ServiceNow IRM for leadership review
Monitor KPIs and KRIs related to risk posture, control performance, and compliance obligations
Qualification
Required
2+ years of experience in GRC, information security, risk management, or compliance roles
Hands-on experience using ServiceNow IRM (Risk, Policy & Compliance, Vendor Risk, or Audit modules)
Strong understanding of information security and GRC frameworks (ISO 27001, PCI, NYDFS and other regulatory frameworks)
Experience conducting or supporting risk assessments for applications, processes, or technology
Ability to analyze complex security issues and communicate findings clearly to technical and non-technical stakeholders
Familiarity with security controls, vulnerability management, and audit concepts
Preferred
Certifications such as Security+, CySA+, CCSK, CISA, CRISC, CGEIT, or ISO 27001 Lead Implementer/Auditor
Experience with risk quantification models (e.g., FAIR) a plus
Background supporting audits (ISO 27001, PCI, etc.)
Experience contributing to GRC process improvements or workflow automation
Strong analytical and critical-thinking skills
Excellent written and verbal communication
Detail-oriented with strong documentation capabilities
Ability to manage multiple tasks and deadlines independently
Company
Hagerty
We're Hagerty, and we help enthusiast drivers insure, buy/sell and enjoy their rides. #NeverStopDriving
1001-5000 employees
H1B Sponsorship
Hagerty has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (3)
2022 (2)
2021 (1)
2020 (2)
Funding
Current Stage
Public CompanyTotal Funding
$195.6M2025-08-07Post Ipo Secondary· $90.6M
2023-06-23Post Ipo Equity· $80M
2023-06-23Post Ipo Debt· $25M
Leadership Team
Arjun Chowdri
Senior Vice President, Membership & Retention
Gary Chard
Senior Vice President, Operations - Marketplace
Recent News
Broad Arrow Auctions
2025-07-22
Company data provided by crunchbase