Senior Analyst, Cybersecurity Governance Risk and Compliance

Job Description

This is an opportunity to join Ascot Group - one of the world’s preeminent specialty risk underwriting organizations.

Designed as a modern-era company operating through an ecosystem of interconnected global operating platforms, we’re bound by a common mission and purpose: One Ascot. Our greatest strength is a talented team who flourish in a collaborative, inclusive, and entrepreneurial culture, steeped in underwriting excellence, integrity, and a passion to find a better way, The Ascot Way.

The Ascot Way guides our people and our organization. Our underwriting platforms collaborate to find creative ways to deploy our capital in a true cross-product and cross-platform approach. These platforms work as one, deploying our capital creatively through our unique Fusion Model: Client Centric, Risk Centric, Technology Centric.

Built to be resilient, Ascot maximizes client financial security while delivering bespoke products and world class service — both pre- and post-claims. Ascot exists to solve for our clients’ brightest tomorrow, through agility, collaboration, resilience, and discipline.

Job Summary

The Senior Analyst of Ascot’s Cybersecurity Governance Risk & Compliance (GRC) function will work on several activities across the GRC function. With a primary focus on the cybersecurity audit and certification activities, maintaining the cybersecurity Policies and Standards along with supporting key initiatives across the cybersecurity group as a business analyst, or project manager. This is a global role with a unique opportunity to participate in activities across the GRC function. The ideal candidate will need to manage various control owners both within IT and the business and have the ability to build key relationships across the organization.

Responsibilities

• Serve as the Cybersecurity GRC point of contact for all internal and external audits for the cybersecurity group.
• Create a repository of approved responses and evidence covering cybersecurity and IT controls.
• Maintain a list of findings along with the relevant management action plans for the IT and cybersecurity group, while coordinating remediation activities.
• Work with the IT/cybersecurity group leadership team to identify trends based on audits, providing input into strategic objectives.
• Lead external cybersecurity certification and attestation audits (e.g., ISO 27001, SOC, SOX).
• Coordinate updates to the cybersecurity policies and standards, managing the annual review, update and release cycle.
• Coordinate with control owners for review of policies and standards and ability to comply with updates.
• Lead and/or support business impact assessments across different business lines to identify risk to the business.
• Conduct self-assessment compliance audits to ensure control owner compliance with policies and standards.
• Monitor changes in threat landscape as key inputs to cybersecurity policy and standards.
• Liaise with Legal, Finance, business stakeholders and cybersecurity management as needed to provide an understanding of the policy statements.
• Stay abreast of emerging security threats, industry best practices, and regulatory requirements to ensure policies and standards reflect appropriate control enhancements to combat the threat landscape.
• Manage ad hoc projects or support other cybersecurity functions in a business analyst capacity.
  
  

Requirements

• Minimum of 8 years of experience in cybersecurity with a major focus in audits preference given to candidates who possess either a CRISC, CISM, CISA OR CISSP certification
• Bachelor's degree or equivalent years of experience
• Understanding cybersecurity frameworks, certifications, attestations and audits such as: NIST CSF, ISO 27001, SOC 1, SOC 2, ISAE 3402, SOX, PCI compliance, HIPAA.
• Understand regulatory requirements such as: CCPA, GDPR, NYDFS 500, Bermuda Monitory Authority, UK Financial Conduct Authority.
• Understanding of cloud service models, application security best practices, vulnerability and patch management.
• Self-starter with the ability to take initiative and capable of communicating to technical and non-technical audiences.
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
• An ability to effectively collaborate across multiple teams and ensure program needs are satisfied through interpersonal and trusted communication.
• Experience in project managing initiatives of varying scale and complexity is preferred.
  
  

Compensation

Actual base pay could vary and may be above or below the listed range based on factors including but not limited to experience, subject matter expertise, and skills. The base pay is just one component of Ascot’s total compensation package for employees. Other rewards may include an annual cash bonus, long-term incentives, and other forms of discretionary compensation awarded by the Company.

• The salary for this position in New York Metro is $115,000 - $140,000
  
  

Company Benefits

The Company provides a competitive benefits package that includes the following (eligibility requirements apply):

Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Life Insurance, AD&D, Work/Life Resources (including Employee Assistance Program), and more

Leave Benefits: Paid holidays, annual Paid Time Off (includes paid state /local paid leave where required), Short-term Disability, Long-term Disability, Other leaves (e.g., Bereavement, FMLA, Adoption, Maternity, Military, Primary & Non-Primary Caregiver)

Retirement Benefits: Contributory Savings Plan (401k)