As an Information Security Analyst, Risk focused on Risk, you will be a critical member of the Security Team working to reduce the cyber risk surface area across the enterprise. This role specializes in risk management of information security issues such as securing customer-facing technologies and protecting customer information. You will work closely with other departments to identify, recommend, develop, implement, and support a risk-informed IT decision and action framework. We believe governance, risk, and compliance are key aspects of information security and are looking for a highly driven information technology professional to continue developing the Cyber Risk Management Program.

Ready to get in the driver’s seat? Join us!

What you’ll do

• Maintain and further develop the Cyber Risk Management Program
• Work with IT departments to identify and assess security risks
• Actively manage risks on the Cyber Risk Register from intake to resolution
• Develop regular cyber risk OKRs and KPIs to provide actionable insights to leadership
• Build relationships with business stakeholders across the organization to ensure remediation of cyber risk remains a priority
• Communicate risk assessment findings with key stakeholders to develop and monitor risk remediation plans
• Represent the Security team in helping to identify and track remediation of cyber risks across the enterprise
• Update the cyber risk taxonomy as needed to ensure it continues to provide consistent, valid, and comparable results
• Perform ongoing risk assessments that meet regulatory and compliance framework requirements while aligning with industry leading information security practices and considering the impact to business operations
• Develop cyber risk portfolios to provide a more holistic view of teams’ risks
• React to reported cyber security risks or issues to help assess any potential threats to Hagerty
• Identify missing or insufficient controls through risk management process
• Work closely with the Asset Manager to ensure criticality of assets is considered during risk assessment and remediation
• Work closely with appropriate teams to ensure compliance requirements are considered during risk assessment and remediation
• Identify missing or insufficient controls and provide recommendations to Security governance
• Work with organization stakeholders to develop and document risk tolerance thresholds
• Regularly report findings, risks, and recommendations
• Support the Security Team as needed through other duties that may be assigned

This might describe you

• Strong background in Information Security and Technology
• Strong analytical skills to manage technical and project management issues, as well as drive issues to closure
• Proactive problem-solving, negotiation, and decision-making skills to influence key stakeholders
• Self-starter, can see technical and administrative issues and bring them to the surface with recommendations for improvement
• Analytical and troubleshooting skills, demonstrating an aptitude for conducting quantitative and qualitative analysis of large and complex data
• Ability to work independently and as a team to deliver quality work
• Self-organized and able to participate in the project management process
• Attention to detail and the ability to prioritize work efficiently and effectively
• Ability to execute projects and tasks while juggling multiple priorities
• Strong communication and writing skills
• Experience working within information classification and/or data privacy frameworks
• An outgoing personality and enthusiasm interacting with others
• Familiarity of public company requirements, including Sarbanes Oxley and key regulations, if applicable

Pluses

• Bachelor’s degree in IT, computer science, information security or a related field
• Object oriented programming experience
• CISSP Certification or equivalent
• Experience building and implementing technical and risk management components within security systems
• Experience using ADO or equivalent framework
• Project management experience
• Working knowledge and experience with compliance and security frameworks such as ISO 27001, PCI DSS, GDPR, NIST, CIS and SANS Critical Controls
• Relevant experience in planning, administering, developing or delivering solutions in GRC platforms (e.g. Highbond, RSA Archer, OneTrust, or equivalent)

Other things to note

This position can be worked as remote position within the United States.

Say hello to Hagerty

Hagerty is an automotive enthusiast brand and the world’s largest membership organization for car lovers. Along with being a best-in-class provider of specialty insurance for enthusiasts, Hagerty is also home to DriveShare®, the Hagerty Drivers Foundation, Garage + Social, Hagerty Drivers Club, MotorsportReg and so much more. Committed to saving driving for future generations, each and every thing Hagerty does is dedicated to the love of the automobile.

Hagerty is a rapidly growing company that values a winning culture. We provide meaningful work for, and invest in, every single team member.

At Hagerty, we share the road. We are an inclusive automotive community where all are welcomed, valued and belong regardless of race, gender, age or car preference. We are united by our shared passion for driving, our commitment to preserve car culture for future generations and our desire to make a positive impact in the world.

If you reside in the following jurisdictions: Illinois, Colorado, California, Washington, New York, or Jersey City, New Jersey, British Columbia, Canada please email

recruiting@hagerty.com

for compensation, comprehensive benefits and the perks that set us apart.

#LI-Remote

EEO/AA

Apply Now: click Apply Now

Looking for remote jobs near your area? At Yulys, thousands of employers are looking for exceptional talent like yours. Find your perfect fit now.