Sr Information Risk Analyst

Senior Information Risk Analyst

Are you passionate about protecting the confidentiality, integrity, and availability of information, and ensuring compliance with information security laws and regulations? If so, this Sr Information Risk Analyst position may be a great fit for you!

What You'll Do

• Research and stay abreast of current regulatory requirements such as Sarbanes Oxley (SOX), Model Audit Rule (MAR), Health Insurance Portability and Accountability Act Security Rule (HIPAA), Payment Card Industry Data Security Standards (PCI-DSS), Securities and Exchange Commission (SEC), and state security and breach notification laws, frameworks such as National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), and best practices related to information security.
• Execute information security controls and control tests, as assigned.
• Partner with developers, engineers, architects and IT managers to understand various application and infrastructure technologies and risks.
• Execute entitlement reviews in compliance with regulatory requirements
• Maintain knowledge of FBL technologies to understand implications of security regulation or policy requirements.
• Facilitate, track, and report status of security risk management activities.
• Collaborate on the design of information technology controls and control tests.
• Mentor Information Risk Associate and Information Risk Analyst staff members.
• Recommend scoping of security risk assessments.
• Execute assigned risk assessments and participate in projects/efforts to mitigate or remediate identified risks.
• Maintain awareness of FBL's information security policies and standards, act as a subject matter expert in response to compliance information requests.
• Consult on Incident Response investigations.
• Evaluate and respond appropriately to internal and external information technology audit requests.
• Provide input to the development and/or review of security awareness training and communication.
• Provide input to Enterprise Information Protection (EIP) policies, standards, processes, and procedures.
  
  

What It Takes to Join Our Team:

• College degree (Business, Finance or Information Protection preferred) or equivalent plus five plus years of relevant experience required.
• Certified Information Systems Auditor (CISA), Certification in Risk Management Assurance (CRMA) and/or Certified in Risk and Information Systems Control (CRISC) preferred.
• Must have good research, analytical, organizational and decision-making skills, along with the ability to work in a team environment.
• Oral and written communication skills as appropriate to this position.
• Ability to read, write and speak the English language.
• Reasonably regular and predictable attendance.
• Ability to work in-person from our office in West Des Moines, IA.
  
  

What We Offer You: When you're on our team, you get more than a great paycheck. You'll hear about career development and educational opportunities. We offer an enhanced 401K with a match, low-cost health, dental, and vision benefits, and life and disability insurance options. We also offer paid time off, including holidays and volunteer time, and teams who know how to have fun. Add to that an onsite wellness facility with fitness classes and programs, a daycare center, a cafeteria, and for many positions, even consideration for a hybrid work arrangement. Farm Bureau....where the grass really IS greener!

If you are interested in joining a company that appreciates employees, provides growth and professional development opportunities, and offers great benefits, we invite you to apply today!

Work Authorization/Sponsorship: At this time, we are not considering candidates that need any type of immigration sponsorship now or in the future, such as additional or permanent work authorization. Applicants must be currently authorized to work in the United States on a full-time, permanent basis. We are not able to sponsor now or in the future, or take over sponsorship of, an employment visa or work authorization for this role. For example, we are not considering candidates with OPT status.