Cybersecurity Governance, Risk, & Compliance Analyst Job at AEGIS Insurance
AEGIS Insurance Services, Inc., East Rutherford, NJ, United States
AEGIS Insurance Services, Inc. (“AEGIS”) has an immediate opening for a Cybersecurity Governance, Risk, and Compliance Analyst who plays a vital role in safeguarding the Company’s information assets by facilitating, operating, and maintaining a comprehensive Governance, Risk, and Compliance program. This program aligns with our Cybersecurity and Compliance goals and objectives. The Cybersecurity Governance, Risk, and Compliance Analyst will collaborate with various stakeholders including the Senior Security Engineer, IT Infrastructure team, IT Application teams, Legal, and vendors.
The role offers a dynamic blend of responsibilities, which include reviewing cybersecurity controls, conducting risk assessments, supporting and coordinating audits (including SOC 2 certification), and actively participating in security operations. In addition, the analyst will have the opportunity to assess security events and validate controls across the security landscape.
Job Requirements:
- Experience with information security-related processes, programs, and/or protocols desired
- Undergraduate degree in Information Systems, Management Systems, Cybersecurity or related discipline or equivalent certification or work experience
- Working knowledge of information security principles and best practices frameworks
- Ability to identify and assess the severity and likelihood of cybersecurity or related risks
- Ability to communicate technical information to non-technical audiences
- Demonstrated strong analytical and research skills
- Proficiency in Microsoft Office Suite; specifically, Excel, PowerPoint, and Word
Candidate Attributes:
- Achievement-Oriented: Demonstrates persistence and perseverance in achieving concrete and tangible outcomes by taking action to get optimum results when encountering obstacles or resistance
- Collaborative: Develops and maintains effective working relationships across functional and divisional lines by readily sharing information, knowledge, and resources
- Detail-Oriented: Displays thoroughness and accuracy in quality communications and deliverables through the application of technical skills and industry/product knowledge
- Service-Oriented: Conveys a genuine desire and ability to anticipate and meet customer needs and creates and nurtures mutually beneficial relationships within AEGIS and with AEGIS Members and brokers
- Work Ethic: Takes ownership of one’s responsibilities by acting with integrity and holding oneself accountable to continuous improvement
Essential Job Functions:
Training and Documentation
Risk Management:
- Maintain a comprehensive cyber and IT risk register, conducting ongoing risk assessments
- Communicate risk assessment findings effectively to risk owners and track remediation progress
- Support continuous control evidence gathering and participate in documenting, assessing, and remediating issues and risks identified during audits and risk assessments
Governance:
- Actively support the development, implementation, revision, and updates of security and compliance policies, procedures, practices, and key performance indicators (KPIs)
- Maintain an accurate and up-to-date IT asset inventory
Security Awareness & Training:
- Oversee and maintain the employee awareness training program, including phishing simulations
Continuous Learning:
- Proactively stay current with the ever-evolving cybersecurity threat landscape
Testing, Monitoring and Reporting
Regulations & Frameworks:
- Document and track relevant regulatory requirements and frameworks (e.g., NIST CSF, SOC 2) and ensure alignment with internal controls and policies
Compliance:
- Manage and actively support both internal and external audit engagements
- Conduct regular control testing to ensure ongoing compliance
Vulnerability Management:
- Assign and track vulnerability remediations, actively supporting the vulnerability management process
Cloud Security:
- Regularly assess and track the organization's cloud security posture
Executive Reporting:
- Regularly generate KPI and status reports to keep leadership informed of the GRC program's effectiveness
Investigation, Analysis and Assessment
Third-Party Risk Management:
- Conduct thorough third-party risk assessments to ensure all vendors are vetted and approved before onboarding
- Continuously monitor critical vendors using a vendor risk management platform
Incident Response & Disaster Recovery:
- Support and document incident response and disaster recovery exercises
- Document security events thoroughly
EOE
AEGIS Insurance Services, Inc. participates in E-Verify
We expect to pay a starting salary between $75,000 and $105,000. An applicant’s placement within this range is based on their individual qualifications and professional experience. In addition to base salary, AEGIS employees are eligible to participate in the Company’s annual incentive program, with competitive awards based on corporate and individual performance.
In addition, we offer a comprehensive and competitive suite of options for health, retirement, income protection, wellness, and additional benefits:
- Health: medical and prescription coverage, behavioral health, dental, vision, health savings account (includes a Company contribution), and flexible spending accounts
- Retirement: 401(k) plan that includes matching contributions and an additional Company contribution of 4% (subject to IRS limitations)
- Income Protection: basic and supplemental life insurance, short-term and long-term disability coverages, accident, and critical illness insurance
- Wellness: on-site health and fitness center, on-demand fitness and well-being app, and employee assistance program with support on mental health, financial, and legal services
- Additional benefits: commuter benefits that include a transit subsidy from the Company, pet insurance, paid time off (vacation, floating holidays, sick, and Company paid holidays), and a variety of leaves of absence (health, family, and military)
- Educational assistance and professional development opportunities
- Hybrid work schedule