Security Governance Risk & Compliance Analyst II - Remote

Description

Marketing Statement:

Tokio Marine North America Services (TMNAS) provides professional support services to Tokio Marine Group companies in the United States, including Tokio Marine America, First Insurance Company of Hawaii, and Philadelphia Insurance Companies. Customer service is our focus and our passion! Tokio Marine North America Services adds value in all that we do, providing the best professional service to our business partners, allowing them to achieve their goals. Our talented team delivers actuarial, audit, corporate communications, financial and investment, human capital services, information technology, legal, and payroll expertise to our customers.

Job Summary

The TMNAS Governance, Risk and Compliance Analyst II is an operational and functional resource role within the Information Security and Risk Management function within the TMNAS IT Department.  This role will enforce enterprise information security policies, standards and controls and will assess and document TMNAS' information security risk and compliance posture.   They will provide security expertise supporting organization risk reduction through development and implementation of the information security GRC program to align with industry best practices.  The TMNAS Governance, Risk and Compliance Analyst II will be a significant contributor evaluating organizational security needs, ensuring solutions and controls are developed and implemented with supporting practices and procedures.

Job Responsibilities

• Work within the Governance, Risk, and Compliance team to maintain security policies and standards
• Provide subject matter expertise in support and development of improved security policies and threat models
• Implement and manage solutions and processes to manage, track, and report on control activities
• Prepare reports for leadership to communicate risk, risk treatments and control effectiveness
• Contribute to the development and maintenance of information security strategy
• Create and execute strategy for managing customer security questionnaires, security inquiries, and internal and external assessments
• Collaborate with legal and procurement teams to establish third-party risk management program
• Stay apprised of government and industry security regulations and requirements
• Comply with proper internal controls as necessary to conduct job functions and/or carry out responsibilities and/or administrative activities at the Company
• Establish and build strong working relations and partnerships with IT peers and Business Units
• Perform special projects and other duties as may be assigned

Required Experience/Knowledge/Skills

• 5 years relevant information security compliance and/or information security audit experience
• Knowledge of one or more major Information Security standards/frameworks such as NIST Cybersecurity Framework, NIST 800 series, ISO 27000 series, NYDFS Cyber Regulation, SOC 2 (AICPA Trust Service Principles), GDPR, etc.
• High-level understanding of IT and security topics such as network security, operating system security, authentication and authorization, and secure software development lifecycle
• Knowledge, insight, and understanding of business concepts and processes that are needed for making sound decisions in the context of the company's business; ability to apply this knowledge appropriately to diverse situations.
• Practiced knowledge of pragmatic and risk appropriate security controls
• Knowledge of typical organizational politics and political tactics; ability to effectively navigate formal and informal communication and decision-making channels
• Strong writing and communication skills
• Strong customer service orientation toward Business Units requiring consultation (responsive, consultative, collaborative, and accurate)
• Able to work with a group to set its objectives and agenda, generate allegiance to those objectives, and guide and motivate achievement
• Interpersonal relationship building skills; able to work with a variety of people and groups in a constructive and collaborative manner
• Analytical ability with the capability to determine the root cause of problems and issues and provide solutions
• Applies organizational acumen to identify and maintain focus on key success factors for the organization
• Superior attention to detail
• Ability to juggle multiple, competing, frequently changing time-sensitive deadlines and priorities
• Ability to work independently and without supervision
• Ability to work effectively as part of a team

Preferred Experience/Knowledge

• Bachelor's degree in engineering, computer science, or similar major
• CISSP, CISA, or other security/audit certifications
• 2-3 years in information security governance, risk and compliance. Experience in Azure/M365 technologies
• Experience in regulated control environments (e.g. JSOX/SOX, NYDFS, and PCI)
• Experience in GRC tools (OneTrust) and data visualization tools (PowerBI) a plus

Salary range $72,000 to $96,000. Ultimate salary offered will be based on factors such as applicant experience and geographic location. Our company offers a competitive benefits package and bonus eligibility on top of base.

Application Deadline: 5/3/2024

Additional benefits information can be found here: https://tmnas.com/benefits-at-tmnas.aspx

EEO Statement:

Tokio Marine Group of Companies (including, but not limited to the Philadelphia Insurance Companies, Tokio Marine America, Inc., TMNA Services, LLC, TM Claims Service, Inc. and First Insurance Company of Hawaii, Ltd.) is an Equal Opportunity Employer.  In

order to remain competitive we must attract, develop, motivate, and retain the most qualified employees regardless of age, color, race, religion, gender, disability, national or ethnic origin, family circumstances, life experiences, marital status, military status,  sexual orientation and/or any other status protected by law.