Kinsale Insurance Company
Information Security Analyst
Kinsale Insurance Company, Richmond, Virginia, United States, 23214
Kinsale Insurance is looking for individuals who are passionate about security and technology. This Information Security Analyst role will report to the Manager of Information Security and will help improve the security posture of the organization. Create, maintain, communicate, enhance, and monitor security policy, drive information security compliance, and manage risk across IT and the lines of business.
Responsibilities:
Information Security Program Management
- Plan, analyze, and facilitate updates to information security policies, standards, procedures, and guidelines
- Manage, create, and update information security governance documentation
- Serve as a trusted resource for information security governance
- Utilize risk management frameworks and control catalogs, such as the NIST Cybersecurity Framework (CSF) and CIS Critical Security Controls, as well as various audit processes to assess the organization's information security posture and make recommendations for improvement
- Conduct risk assessments at the network, system, application, and vendor levels and assess results against policies, standards, procedures, industry best practice, and acceptable risk thresholds
- Perform business impact analysis (BIA) and update business continuity and disaster recovery plans
- Provide IT security requirements and guidance to IT and business stakeholders
- Support delivery of the IT third-party risk management program
Prevention
- Ensure employees receive initial and routine security awareness training; design and implement ongoing awareness activities
- Design and deliver enterprise-wide internal phishing campaigns, and perform the necessary data analysis for risk remediation
- Identify security controls and formulate risk treatment plans to manage information security risks that fall outside of acceptable thresholds
- Work with appropriate stakeholders to implement controls in alignment with IT governance documents
- Create and review information systems security status, standards compliance, and deficiencies using key performance indicators, key risk indicators, and other metrics
Detection and Response
- In coordination with information security team members, respond to IT security events, incidents, suspicious activity, and/or alerts to prevent adverse impact to users, processes, systems, or data
- Coordinate routine incident response tabletop planning activities and tests, including other areas of IT operations as appropriate
- Coordinate routine disaster recovery planning, testing, and documentation
Qualifications:
- Bachelor's degree in computer science, technology, or a related field preferred; equivalent experience will be considered
- 3+ years of experience across one or more IT security domains
- 2+ years of experience working with risk monitoring and tracking processes across a variety of security controls and driving remediation activities
- 2+ years of experience working in an enterprise IT security, risk, or governance environment
- Ability to balance appropriate information security controls with business risk tolerance
- Experience with information security frameworks and control catalogs such as NIST CSF, CIS CSC, NIST 800-53, and ISO/IEC 27001/2
- Experience with Sarbanes-Oxley (SOX) controls
- Experience with U.S. state information security and privacy regulations such as the NY Cybersecurity Requirements for Financial Services Companies, the Virginia Insurance Data Security Act, and the California Consumer Privacy Act is preferred
- Detailed understanding of information security and compliance best practices
- Ability to create reports and dashboards using commercial off-the-shelf tools such as MS Excel and PowerPoint
- Excellent analytical and problem-solving skills
- Strong communication (written and verbal) and collaboration skills
- CISSP, CISM, CISA, or CRISC certifications are preferred
At Kinsale we offer the following great benefits:
- Competitive salary with performance-based bonus opportunities
- Single and Family Health, Dental, and Vision Insurance plans with HSA funds contributed
- Short-Term and Long-Term Disability
- Life Insurance
- Matching 401(k)
- Generous Paid Time Off and Holidays
- Education dollars for training and certifications