Cyber Risk Analyst

External candidates: In order for your application to be correctly processed please sign-in before you apply

Internal candidates: Please go to Workday and click "Find Jobs" link under Career

Thank you for considering opportunities with us!

Job Title

Cyber Risk Analyst

Requisition Number

R6884 Cyber Risk Analyst (Open)

Location

Arizona - Home Teleworkers

Additional Locations

Arkansas - Home Teleworkers, Arkansas - Home Teleworkers, Colorado - Home Teleworkers, Colorado Springs, Colorado, Florida - Home Teleworkers, Georgia - Home Teleworkers, Idaho - Home Teleworkers, Illinois - Home Teleworkers, Indiana - Home Teleworkers, Iowa - Home Teleworkers, Kansas - Home Teleworker, Kentucky - Home Teleworkers, Louisiana - Home Teleworkers, Michigan - Home Teleworkers, Minnesota - Home Teleworkers, Mississippi - Home Teleworker, Missouri - Home Teleworker, Montana - Home Teleworkers, Nebraska - Home Teleworkers, Nevada - Home Teleworkers, New Jersey - Home Teleworkers, New Mexico - Home Teleworker, North Carolina - Home Teleworkers, Ohio - Home Teleworkers, Oklahoma - Home Teleworkers {+ 10 more}

Job Information

CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties, and we're proud of the culture we create together. As we commit to progress over perfection, we recognize that every day is an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for a Cyber Risk Analyst! Join us and support CSAA IG in achieving our goals. 

Your Role: Supports the management of Information Technology risk for both new build and existing infrastructure and environments. Provides subject matter expertise to leadership, IT teams, and the business on cybersecurity matters.

Works with the security team, including vulnerability management, logging and monitoring, and threat intelligence teams to understand threats and the CSAA IT environment to communicate CSAA’s security posture.

Performs more complex work supporting implementation of IT risk management processes and cyber risk quantification (CRQ). Incumbents in this level work under general supervision on projects of moderate to high scope and complexity and rely on experience to advise the business on their technology security risk exposure and measures to manage and mitigate risk.

Your work:

Security Risk Management:

• Conduct risk assessments, analyze the effectiveness of CSAA IG's IT compliance activities, and report with recommendations to leadership.

• Performs compliance reviews to ensure applications, platforms, and cloud environments are operating in accordance with established policies and procedures.

• Support business projects, often using Agile methodologies, to identify security requirements and concerns, coordinating with staff from the IT organization and business units.

•  Track and manage security findings and exceptions in the governance, risk, and compliance (GRC) platform.

• Develop and maintain security dashboards to inform security risk management, IT teams, and business leadership of risk exposure.

Cyber Risk Quantification:

•  Using Factor Analysis of Information Risk (FAIR) methodology, analyze technology risk scenarios modeling impact and likelihood of cyber risk events.

• Use the MITRE ATT&CK framework to develop threat models for use in cyber risk quantification.

• Develop methodologies and models to support technology risk management decisions.

• Third Party Risk Management:

• Conduct reviews of third-party/vendor risk assessments and bring up significant issues to leadership.

• Track and manage third party risk assessments within designated portfolio of projects.

Required Experience, Education and Skills

• Bachelor's degree or equivalent experience in related area (Computer Science, Information Systems or other related field)

• 10+ years’ experience in a relevant field

• 2 years demonstrated ability leading ad-hoq or standing teams

What would make us excited about you?

• Preferred: CISSP / CISM / CISA

•  Ability to build and maintain constructive working relationships with a diverse community throughout the organization.

• Ability to effectively communicate in both written and verbal manner to influence both technical and non-technical audiences.

• Ability to manage projects of moderate scope involving stakeholders from multiple business units inside and outside of IT.

• Actively shapes our company culture (e.g., supporting employee resource groups, mentoring employees, volunteering, joining cross-functional projects)

• Champions our cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.)

• Demonstrates a company ownership mindset, thinking beyond boundaries of their own area

• Travels as needed for role, including divisional / team meetings and other in-person meetings

• Fulfills business needs, which may include investing extra time, helping other teams, etc

CSAA IG Careers 
At CSAA IG, we’re proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it. 
 

Join us if you… 

• BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging. 

• COMMIT to being there for our customers and employees. 

•  CREATE a sense of purpose that serves the greater good through innovation. 

Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at https://careers.csaa-insurance.aaa.com/us/en/benefits 

In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don’t miss important updates from us. 

If a reasonable accommodation is needed to participate in the job application or interview process, please contact [email protected]. 

As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues’ different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us. 
We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers’ evolving needs. 

CSAA Insurance Group is an equal opportunity employer. 

The national average salary range for this position is $136,800-$152,000.

However, we have a location-based compensation structure. Our salary ranges vary and are calculated based on county of residence. The full salary range for this position across all the states we hire in is $120,420-$182,500. This role also includes an opportunity for a company-wide annual discretionary bonus, through our Annual Incentive Plan (AIP), of up to 12% of eligible pay.

If you apply and are selected to continue in the recruiting process, we will schedule a preliminary call with you to discuss the role and will disclose during that call the available salary/hourly rate range based on your location. Factors used to determine the actual salary offered may include location, experience, or education. 

Must have authorization to work indefinitely in the US. 

Please note we are hiring for this role remote anywhere in the United States with the following exceptions: Hawaii and Alaska. 

#LI-SB1

.