Key Responsibilities:
- Provide support and contribute to the InfoSec GRC programs such as: Risk Management, Third Party/Vendor Management, Vulnerability/Threat Management, Compliance Management, RFP Process Management and others.
- Collaborate with different departments on the analysis of, response to, and documentation packages for RFPs and security questionnaires as required by clients and sales support.
- Assess and monitor security processes and controls to assure compliance with applicable security frameworks, regulatory requirements, and client requirements, and promote good information security practices.
- Generate reports on assessment findings and summarize them to facilitate remediation tasks for other IT operational teams.
- Conduct formal risk analyses and the self-assessment program for various Protective brands and the associated information services systems, processes, and infrastructure.
- Assist internal and external auditors with SOC2 and HITRUST audit engagements, data/artifact collection, exception remediation, and monitoring.
- Contribute to the maintenance and update of the library of information security control standards and procedures, based on Information Security policies and procedures and industry best practices.
- Maintain awareness of changes or updates to security control frameworks, compliance laws, and statutes, and identify the impact on the business and its security posture.
- Compile management reports, summary analysis, and detailed presentations to describe risk, controls, and maturity assessments.
- Conduct or participate in cross-training sessions with the IT Security team on the management and configuration of security tools and technical controls.
- Prioritize, evaluate, resolve and escalate issues or tasks as required.
- Provide appropriately detailed and timely follow-up support with customers (internal and external).
- Provide updates, status, and completion information to the team using Agile methodologies.
- Troubleshoot and resolve security-related IS GRC and technical issues effectively and efficiently.
- Facilitate information security awareness programs, including periodic awareness training, phishing campaigns, security newsletters, and publications.
- Serve as a key contributor to the design, implementation, and optimization of the IS GRC application or solutions.
Qualifications:
- Experience contributing to IS GRC program initiatives and supporting the execution of risk assessments.
- Excellent project, organizational, and content management skills.
- Strong understanding of various state and federal regulatory requirements and compliance standards.
- Practical knowledge and experience with compliance and security framework standards such as SOX, PCI, SOC, NIST, ISO 27001, HITRUST, HIPAA and HITECH required.
- Excellent communicator and storyteller, adept at collaborating with various groups of people.
- Proven ability to track and measure IS GRC program effectiveness using solutions such as SharePoint, Power BI, ServiceNow, and Archer.
- Experience in developing and presenting related training materials.
- Ability to provide continuous improvement feedback of the IS GRC program and present improvements at least yearly to leadership.
- General knowledge of security tools, solutions, and appliances supporting security domains such as network security, email and endpoint security, vulnerability scanning, access controls, log management, etc.
- Strong consideration will be given to experience with Azure or other cloud services.
- Basic technical understanding of cloud service principles such as IaaS, SaaS, and PaaS.
Education & Certifications:
- Minimum of 2 years of experience in IT security, risk management, compliance, or audit required.
- A bachelor's degree in Computer Science, Information Technology, or a related field is preferred, or applicable experience.
- Relevant security certifications preferred, such as:
  - Certified Information Security Auditor (CISA)
  - Certified in Risk Information Systems Controls (CRISC)
  - GIAC Security Essentials or Professional Certification (GSEC/GISP)
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Security Manager (CISM)
  - Certified Cloud Security Professional (CCSP)
  - Certified Insurance Data Security Professional (CIDSP)
  - CompTIA Security+
  - Azure/AWS Security Certifications
What We Do
Protective Life Corporation (Protective) provides financial services through the production, distribution and administration of insurance and investment products throughout the United States. Protective traces its roots to its flagship company founded in 1907, Protective Life Insurance Company. Throughout its more than 110-year history, Protective’s growth and success can be largely attributed to its ongoing commitment to serving people and doing the right thing — for its employees, distributors and, most importantly, its customers. Protective’s home office is located in Birmingham, Alabama, and its 3,000+ employees work across the United States. As of June 30, 2020, Protective had assets of approximately $123 billion. Protective Life Corporation is a wholly owned subsidiary of Dai-ichi Life Holdings,