The Information Security Risk Analyst reports to the Director of Information Security Risk and is responsible for working with the various business units to ensure adherence to corporate policies and standards of the Information Security program. This role will ensure information assets are adequately protected through application and third party risk assessments.
Chartis is a world leading property-casualty and general insurance organization serving more than 40 million clients in over 160 countries and jurisdictions. With a 90-year history, one of the industry's most extensive ranges of products and services, deep claims expertise and excellent financial strength, Chartis enables its commercial and personal insurance clients alike to manage virtually any risk with confidence. For additional information, please visit our website at http://www.Chartisinsurance.com. At Chartis we support and encourage a diverse work environment. EOE.
- Identify, evaluate and report on information security risks in a manner that meets the company's legal, regulatory and contractual requirements.
- Perform security assessments of external vendors and service providers. Identify security risks and recommend mitigating controls.
- Assess the current security program, including policies, procedures, and organization and make recommendations for improvement.
- Proactively and collaboratively work with business units/regions to develop and implement procedures that meet defined policies and standards for information security management.
- Perform on-site assessments of third party service providers when required.
- Perform application security assessments on both internal and third party applications.
- Provide first level review/approval of Firm's Security Risk Exceptions.
- Assist Legal team in contract negotiations with third parties around Information Security related matters.
- Ensure the information security management program is in compliance with applicable laws, regulations, contractual requirements, and policies (e.g., the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard and the Internal Revenue Service Tax Information Security Guidelines) to minimize or eliminate risk and address audit findings.
- Act as a specialist performing duties requiring thorough knowledge of Information Security as well as the firm's Information Security policies, standards and procedures.
- Has excellent interpersonal skills and is able to work with both colleagues and external clients.
- Integrity and professionalism are beyond reproach; often has to deal with sensitive and/or confidential information.
- The ideal candidate is an integrator of people and processes, an innovative leader, a problem solver, an effective consultant, and possesses solid domain competency in the field of information security management. The Information Security Risk Analyst will work directly with regional departments to establish and facilitate IT security risk assessments.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Must be a critical thinker with strong problem-solving skills.
- Up-to-date knowledge of technological trends and developments in the area of information security and risk management.
- Knowledge of information security standards, codes of practice and guidelines such as the ISO/IEC 27000 series, the NIST Computer Security Division Special Publications and Federal Information Processing Standards, and the Payment Card Industry Data Security Standard.
- Bachelor's degree in business administration or a technology-related field, or 4 years' experience in an information technology role, 2 of which are in information security or risk management.
- Professional certification such as CISSP, CISA or CISM is preferred.