Information Security Risk Analyst
We are looking for an Information Security Analyst to join our growing IT Security organization at our Worcester, MA office.
The Information Security Risk Analyst is responsible for developing and managing information security policies, standards and guidelines.
This role is also responsible for evaluating the business risk environment, assessing key control appropriateness and effectiveness, determining information security risk, and providing consultative direction on the development of appropriate security measures to mitigate risk exposure.
In addition, the analyst will track remediation of any identified control gaps and deficiencies, analyze data for management reporting and ensure all cyber and data security requirements are in place.
This is a full-time, exempt position.
Position Requirements and Responsibilities:
- A Bachelor's degree in Computer Science or technology/information security-related field.
- Five (5) years direct experience in an information security role where risk-based methodology is used.
- Familiarity with FAIR methodology
- Certified Information Systems Security Professional (CISSP) is a plus.
- Certified in Risk and Information Systems Controls (CRISC) or equivalent.
- Strong understanding of ISO-27000 based security program functional areas and other commonly accepted standards (e.g. NIST)
- Strong understanding of policy, compliance, and best practice security principles.
- Develop, implement and maintain a policy management lifecycle process, including developing, implementing and communicating security policies, procedures, standards, best practices, guidance and controls.
- Continuously assess existing policies for relevancy and accuracy and work with business partners to identify and manage risks associated with policy violations and exceptions
- Support management’s monthly reporting by analyzing and reporting on IT security controls and risk exposure.
- Confirm that all applicable regulatory requirements are addressed, and security controls are managed and maintained.
- Perform information security risk evaluations on reported IT issues.
- Participate in IT initiatives, as necessary, to ensure security control measures are addressed and embedded in business-as-usual activities prior to project completion.
- Be well-versed in various information security frameworks and standards, cybersecurity regulations and industry compliance requirements.
- Understand the security risk landscape and proactively identify the need for changes to existing controls to meet and exceed industry standards.
- Contribute to building and operating our security risk management processes: risk assessment design and execution, risk treatment, issue and action management portfolio oversight, insight analysis, and reporting
- Advise and collaborate with SMEs, including Audit & Compliance teams, to ensure design and testing of security controls are aligned with leading best practices and executed effectively to manage risk.
- Develop performance (Key Performance Indicators - KPIs) and risk (Key Risk Indicators - KRIs) metrics for use and reporting by business areas.
Personal and Professional Competencies:
- Excellent analytical, decision-making and problem-solving skills.
- Able to work independently with minimal guidance and act as coach to other team members as necessary.
- Experience leading through influence
- Communication experience, interpersonal experience, and experience working cross-functionally with various teams
- Analytical and problem-solving experience, including knowledge of data analysis
“The Hanover values diversity in the workplace and among our customers. The company provides equal opportunity for employment and promotion to all qualified employees and applicants on the basis of experience, training, education, and ability to do the available work without regard to race, religion, color, age, sex/gender, sexual orientation, national origin, gender identity, disability, marital status, veteran status, genetic information, ancestry or any other status protected by law.
Furthermore, The Hanover Insurance Group is committed to providing an equal opportunity workplace that is free of discrimination and harassment based on national origin, race, color, religion, gender, ancestry, age, sexual orientation, gender identity, disability, marital status, veteran status, genetic information or any other status protected by law.”
As an equal opportunity employer, Hanover does not discriminate against qualified individuals with disabilities. If you require a reasonable accommodation, as a candidate for employment, please inform The Hanover Talent Acquisition office.
- Job Function: Information Technology
- Pay Type: Salary
- Required Education: Bachelor’s Degree
- Worcester, MA, USA