Sr. Engineer, Cyber Security / Senior Information Security Governance Analyst
3 years ago

Job Requirement:

Senior Information Security Governance Analyst

This position will play several key roles:

This position is responsible for implementation of the security function within the Governance, Risk and Controls program. Perform formal risk analysis and security design review, ensuring appropriate policies and standards are applied to projects consistent with Guardian's risk appetite and regulatory/legal requirements for various Business and Information Technology systems and processes. Conduct design reviews of AWS services as well as other new cloud services affecting public, private or hybrid cloud infrastructures, risk rank the results and present them to security leadership. Manage/coordinate remediation efforts after security assessment findings outline weaknesses requiring attention. Collaborate on Guardian's cloud security strategy and resilient enterprise-grade cloud processes in tandem with security architects and system engineers, and contribute to the Cloud security roadmap. Using technical skills, industry, and security knowledge, identify risks and mitigations, and (working with Information Security Leadership) prepare relevant information to present residual risks to the IT Risk Council. Plan, coordinate and execute Information Security / special projects. Create process flows to better define, measure, improve, analyze, and control security and privacy processes. Prepare, maintain, and update security processes, procedures, and standards, including the Information Security Governance engagement model and design templates, company notifications and alerts in support of the Information Security, Risk and Controls department. Work with the threat modeling (TM) lead in Security Architecture to integrate TM tools into the Security Design Review Process. Review vendor software/hardware and third-party information security integration controls/risks and document gaps and issues for action. Attend regular technical project and implementation meetings and serve as the security consultant to help guide secure application and infrastructure configurations.
Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation. Assist in maintaining strong oversight of cloud computing vendors and solution providers to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered. Partner with Security Architecture and Cloud/Security Services Engineering (E-Train) to solution gaps in cloud infrastructure controls or automate critical manual controls (includes proof of concept, design, implementation and hand off to operational teams). Mentor staff on cloud security and application security principles.

YOU WILL:

  • Conduct security design and implementation-level reviews, risk assessments and controls selection activities by working with information owners (Business and IT) to conduct such assessments. Directly responsible for procedures to assure compliance with Corporate Policies and Standards, applicable regulatory and legal requirements, as well as good business security practices. Must possess knowledge of security and control, technical and process solutions to be successful. Provide subject matter expertise as required to projects in all business and IT areas. Will need to know how to work effectively in a matrix environment, with project managers, stakeholders, and resources. Have a strong background in information technology with a clear understanding of the challenges of Information Security. Possess good analytical and problem-solving abilities to identify and consult on security risk remediation. To build understanding and awareness of security issues throughout the company, the individual must have excellent communication and presentation skills. Also needs good teamwork skills to develop security solutions in collaboration with other Information Technology professionals.

  • Perform security and risk assessments on projects, both cloud hosted and non-cloud hosted, driving requirements, control design, risk ranking and mitigations. Coordinating with security architecture, security services, infrastructure operations and security engineering, deploy and operate a secure (both cloud and non-cloud) application infrastructure that aligns with business needs.

  • Participate and engage in incorporating security governance controls into project engagements

  • Prepare, maintain, and update security processes, procedures, and standards, including the IT Security Governance engagement model and design templates, company notifications and alerts in support of the IT Security, Risk and Controls department.

  • Conduct projects to evaluate new capabilities at the direction of Information Governance Leadership

  • Help ensure compliance with HIPAA, GLBA, PCI, MAR, and other regulatory requirements

  • Security Awareness & Training

  • Identify and collaborate with security staff to broaden the security reach within the company.

  • Maintaining industry / technology awareness

  • Maintain an active awareness of security technologies, best practices, and regulatory activities through industry events and networking.

YOU HAVE:

  • Security, Risk and Technology

  • Skills in reviewing vulnerability scans and recognizing vulnerabilities in security systems.

  • Knowledge of encryption algorithms

  • Knowledge of information technology (IT) security principles and methods (e.g., firewalls, Demilitarized Zones, encryption)

  • Experience working with network access, identity (SailPoint knowledge a plus), and access management (e.g., Active Directory, LDAP, access federation, multifactor authentication, PKI, and IDAM experience, including OAuth and OpenID)

  • Experience working with operating systems (Microsoft Windows, Linux, UNIX, MacOS)

  • Knowledge of various database platforms (SQL, Oracle).

  • Knowledge of how traffic flows across the network (e.g., TCP & TCP/IP, OSI, etc.)

  • Knowledge of secure configuration management techniques

  • Knowledge of software engineering

  • Skill in assessing the robustness of security systems and designs.

  • Skill in designing countermeasures to identified security risks.

  • Skill in designing security controls based on NIST principles and tenets.

  • Skill in determining how a security system should work (including its resilience and dependability capabilities)

  • Skill in developing and applying security system access controls.

  • Skill in using network analysis tools to identify vulnerabilities.

  • Knowledge of HIPAA/HITECH, Personally Identifiable Information (PII) and Payment Card Industry (PCI) data security standards

  • Strong knowledge of financial services and insurance industry regulations around security and privacy including the Gramm-Leach-Bliley Act, State Privacy Laws, Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act, SEC Rules 17a-3 and 17a-4, and state security breach disclosure notification laws. Ability to relate these regulations back to security controls.

  • Understanding and application of information security standards and best practices, including the NIST Cybersecurity Framework, ISO 27001-4, COBIT, Cloud Security Alliance, NIST, etc.

  • Ability to identify risks, quantify them, and help recommend and design mitigations.

  • Broad knowledge of Unix, Linux, and Windows server environments. Knowledge of various database platforms.

  • Strong knowledge of best practice processes and technologies across security domains especially related to identity and access management, network security, logging and monitoring.

  • Excellent verbal and written communication skills

  • Ability to develop and QA/oversee development of high-quality project artifacts.

  • Ability to collaborate, influence and communicate successfully in different ways concisely to different audiences (i.e., in business terms to businesspeople, in technical terms to technical people)

  • Able to develop and present dashboards.

  • Excellent Communication skills

Qualifications:

Education / Experience:

  • At least 5-7+ years' experience in cybersecurity as a practitioner; at least 2-3+ years' exposure to Amazon Web Services (AWS), Microsoft Azure, Oracle, and IBM Cloud a PLUS

  • Multiple years of experience managing and/or in a leadership role in security and controls, covering a wide area of technologies and security domains, including those previously mentioned.

  • Financial industry or highly regulated industry background (Health/Life Insurance, etc.)

  • Holds or is working toward one or more certifications, including CCSP, CISSP, AWS Certified Cloud Practitioner, or additional AWS advanced certifications such as AWS Certified DevOps Engineer

  • Bachelor's degree or higher, preferably in Computer Science, Engineering, or a related scientific field

Our Promise:

At Guardian, you'll have the support and flexibility to achieve your professional and personal goals. Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards.


We Offer:

  • Meaningful and challenging work opportunities to accelerate technology and innovation in a secure and compliant way.

  • Competitive compensation

  • Excellent medical, dental, supplemental health, life and vision coverage for you and your dependents with no wait period

  • Life and disability insurance

  • A great 401(k) with match

  • Tuition assistance, paid parental leave and backup family care.

  • Dynamic, modern work environments that promote collaboration and creativity.

  • Flexible time off, dress code, and work location policies to balance your work and life in the ways that suit you best.

  • Social responsibility in all aspects of our work. We volunteer within our local communities, create educational alliances with colleges, drive a variety of initiatives in sustainability, and advocate for diversity & inclusion in all that we do.

Primary Location:

Remote - United States

Job:

IT
Schedule:

Full time

Equal Employment Opportunity:

Guardian is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, race, color, creed, religion, sex, affectional or sexual orientation, national origin, ancestry, marital status, disability, military or veteran status, or any other classification protected by applicable law.

©2025 Fevrok. All Rights Reserved.