What are the responsibilities and job description for the Analyst, Security Governance, Risk and Compliance position at AEGIS Insurance Services, Inc.?
AEGIS Insurance Services, Inc. (“AEGIS”) has an immediate opening for an Analyst, Security Governance, Risk and Compliance that plays a vital role in safeguarding the Company’s information assets by facilitating, operating, and maintaining a comprehensive Governance, Risk, and Compliance (GRC) program. This role will collaborate with various stakeholders including the Senior Security Engineer, IT Infrastructure team, IT Application teams, Legal, and vendors.
The role offers a dynamic blend of responsibilities, which include documenting and validating cybersecurity controls, conducting risk assessments, and supporting and coordinating audits (including SOC 2 certification). In addition, the role will have the opportunity to assess security events and validate controls across the security landscape.
Job Requirements:
- Experience with information security-related processes, programs, and/or protocols desired
- Undergraduate degree in Information Systems, Management Systems, Cybersecurity or related discipline or equivalent certification or work experience
- Working knowledge of information security principles and best practices frameworks
- Ability to identify and assess the severity and likelihood of cybersecurity or related risks
- Ability to communicate technical information to non-technical audiences
- Demonstrated strong analytical and research skills
- Proficiency in Microsoft Office Suite; specifically, Excel, PowerPoint, and Word
Candidate Attributes:
- Achievement-Oriented: Demonstrates persistence and perseverance in achieving concrete and tangible outcomes by taking action to get optimum results when encountering obstacles or resistance
- Collaborative: Develops and maintains effective working relationships across functional and divisional lines by readily sharing information, knowledge, and resources
- Detail-Oriented: Displays thoroughness and accuracy in quality communications and deliverables through the application of technical skills and industry/product knowledge
- Service-Oriented: Conveys a genuine desire and ability to anticipate and meet customer needs and creates and nurtures mutually beneficial relationships within AEGIS and with AEGIS Members and brokers
- Work Ethic: Takes ownership for one’s responsibilities by acting with integrity and holding oneself accountable to continuous improvement
Essential Job Functions:
Training and Documentation
- Risk Management:
  - Maintain a comprehensive cyber and IT risk register, coordinating ongoing risk assessments
  - Communicate risk assessment findings effectively to risk owners and track remediation progress
  - Support continuous control evidence gathering and participate in documenting, assessing, and remediating issues and risks identified during audits and risk assessments
- Governance:
  - Actively support the development, implementation, revision, and updates of security and compliance policies, procedures, practices, and key performance indicators (KPIs)
  - Maintain an accurate and up-to-date IT asset inventory
- Security Awareness & Training:
  - Oversee and maintain the employee awareness training program, including phishing simulations
- Continuous Learning:
  - Proactively stay current with the ever-evolving cybersecurity threat landscape
Testing, Monitoring and Reporting
- Regulations & Frameworks:
  - Document and track relevant regulatory requirements and frameworks (e.g., NIST CSF, SOC 2) and ensure alignment with internal controls and policies
- Compliance:
  - Manage and actively support both internal and external audit engagements
  - Conduct regular control testing to ensure ongoing compliance
- Vulnerability Management:
  - Assign and track vulnerability remediations, actively supporting the vulnerability management process
- Cloud Security:
  - Regularly assess and track the organization's cloud security posture
- Executive Reporting:
  - Regularly generate KPI and status reports to keep leadership informed of the GRC program's effectiveness
Investigation, Analysis and Assessment
- Third-Party Risk Management:
  - Conduct thorough third-party risk assessments to ensure all vendors are vetted and approved before onboarding
  - Continuously monitor critical vendors using a vendor risk management platform
- Incident Response & Disaster Recovery:
  - Support and document incident response and disaster recovery exercises
  - Document security events thoroughly
www.aegislink.com
EOE
AEGIS Insurance Services, Inc. participates in E-Verify
We expect to pay a starting salary between $75,000 and $105,000. An applicant’s placement within this range is based on their individual qualifications and professional experience. In addition to base salary, AEGIS employees are eligible to participate in the Company’s annual incentive program, with competitive awards based on corporate and individual performance.
In addition, we offer a comprehensive and competitive suite of options for health, retirement, income protection, wellness, and additional benefits:
- Health: medical and prescription coverage, behavioral health, dental, vision, health savings account (includes a Company contribution), and flexible spending accounts
- Retirement: 401(k) plan that includes matching contributions and an additional Company contribution of 4% (subject to IRS limitations)
- Income Protection: basic and supplemental life insurance, short-term and long-term disability coverages, accident, and critical illness insurance
- Wellness: on-site health and fitness center, on-demand fitness and well-being app, and employee assistance program with support on mental health, financial, and legal services
- Additional benefits: commuter benefits that include a transit subsidy from the Company, pet insurance, paid time off (vacation, floating holidays, sick, and Company paid holidays), and a variety of leaves of absence (health, family, and military)
- Educational assistance and professional development opportunities
- Hybrid work schedule
Salary: $75,000 - $105,000