Acuity Insurance · 2 hours ago
Information Security Compliance Analyst
Insurance · Growth Opportunities · No H1B
Responsibilities
Establish and maintain a knowledge and understanding of applicable information security standards and frameworks such as NIST, CIS Critical Security Controls, PCI DSS, and HIPAA, as well as relevant federal and state statutes and regulations regarding data privacy, cyber security and other applicable requirements.
Assist with the general evaluation and due diligence of Third-Party Service Providers and their security programs, ensuring the provider has in place appropriate administrative, technical, and physical measures to protect and secure the Information Systems and Nonpublic Information that are accessible to, or held by, the Third-Party Service Provider. Regularly review and audit service providers to validate ongoing compliance.
Develop, document and maintain formal security policies, standards and procedures that are in compliance with applicable laws, regulations and information security best practices. Update and maintain all documents on at least an annual basis.
Assist in the identification of security controls and processes needed to be compliant with Acuity’s Information Security Policies.
Work with Business Units to ensure the secure transfer of data to third parties.
Work with the Security Awareness Committee to support and contribute to establishing a corporate culture that is committed to information security best practices.
Prepare presentations, informational articles, educational and training materials to promote security awareness.
Assist in facilitating internal and external compliance audits, as needed.
Work with process owners within the business units to perform compliance assessments to determine if systems and controls meet regulatory requirements, industry standards, and best practices and conform to information security policies, procedures, and standards.
Monitor for new compliance regulations, assess the impact to the organization, and work with the impacted IT and business units to ensure compliance.
Gather, prepare and develop security/compliance metrics, KPIs and other reports that may be provided to management, executives and the Board of Directors.
Demonstrate a willingness and ability to continually learn and stay abreast of emerging security threats and evolving security models and responses.
Exhibit a high level of attention to detail with strong planning and organization skills.
Remain abreast of company and industry directions.
Regular and predictable attendance.
Perform other duties as assigned.
Qualification
Required
Bachelor’s Degree in Computer Science, Information Systems or equivalent and continued field specific education.
Understanding of information security principles, standards and best practices as well as fundamental IT concepts, tools and technologies.
Ability to work cooperatively with technical and non-technical system users and industry vendors.
Possess strong oral and written communication skills with technical writing experience.
Have keen analytical skills with strong problem-solving abilities.
Good listening skills as well as the ability to train and educate others regarding information security.
Strong ethics with a commitment to maintaining confidentiality and integrity.
Preferred
Practical experience in IT audit/compliance or related information security experience preferred.
Insurance industry knowledge/experience beneficial.