Information Security/Cyber GRC Analyst

  • $68k-$100k
  • Remote - United States

Remote

Cybersecurity

Mid-level

Job description

The work we do has an impact on millions of lives, and you can be a part of it.

We help protect our customers against life’s uncertainties. Regardless of where you work within the company, you’ll be helping provide protection and peace of mind when our customers need it most.

The Information Security GRC (Governance, Risk, and Compliance) Analyst manages and executes the organization’s IS GRC programs under security leadership. This role ensures compliance with regulatory requirements and internal policies, working with internal stakeholders and external vendors. The analyst embraces a program owner mindset while combining business acumen, effective communication, and technical skills to manage risk assessments, policy development, and compliance initiatives. They measure the efficacy of the IS GRC program, communicate metrics to security leadership, and make recommendations for improvement. Additionally, the analyst fosters a collaborative environment, encouraging feedback and support for the IS GRC objectives.

Key Responsibilities:

  • Provide support and contribute to the InfoSec GRC programs such as: Risk Management, Third Party/Vendor Management, Vulnerability/Threat Management, Compliance Management, RFP Process Management and others.
  • Collaborate with different departments in the analysis, response, and document packages of RFPs and security questionnaires as required by clients and sales support.
  • Assess and monitor security processes and controls to assure compliance with applicable security frameworks, regulatory, and client requirements as well as promote good information security practices.
  • Generate reports on assessment findings and summarize them to facilitate remediation tasks for other IT operational teams.
  • Conduct formal risk analysis and self-assessment programs for various Protective brands and the associated information services systems, processes, and infrastructure.
  • Assist internal and external auditors with SOC2 and HITRUST audit engagement, data/artifact collection, exception remediation and monitoring.
  • Contribute to maintenance and update of library of information security control standards and procedures based on Information Security policies and procedures and industry best practices.
  • Maintain awareness of changes or updates to security control frameworks, compliance laws, and statutes, and identify the impact on the business and its security posture.
  • Compile management reports, summary analysis, and detailed presentations to describe risk, controls, and maturity assessments.
  • Conduct or participate in the cross training sessions with the IT Security team in the management and configuration of security tools and technical controls.
  • Prioritize, evaluate, resolve and escalate issues or tasks as required.
  • Provide appropriately detailed and timely follow-up support with customers (internal and external).
  • Provide updates, status, and completion information to the team using Agile methodologies.
  • Troubleshoot and resolve security related IS GRC and technical issues effectively and efficiently.
  • Facilitate information security awareness programs and facilitate periodic awareness training, phishing campaigns, security newsletters and publications.
  • Key contributor to the design, implementation, and optimization of the IS GRC application or solutions.

Qualifications:

  • Experience contributing to IS GRC program initiatives and supporting the execution of risk assessments.
  • Excellent project, organizational, and content management skills.
  • Strong understanding of various state and federal regulatory requirements and compliance standards.
  • Practical knowledge and experience with compliance and security framework standards such as SOX, PCI, SOC, NIST, ISO 27001, HITRUST, HIPAA and HITECH required.
  • Excellent communicator and storyteller, adept at collaborating with various groups of people.
  • Proven ability to track and measure IS GRC program effectiveness using solutions such as SharePoint, Power BI, ServiceNow, and Archer.
  • Experience in developing and presenting related training materials.
  • Ability to provide continuous improvement feedback of the IS GRC program and present improvements at least yearly to leadership.
  • General knowledge of security tools, solutions, and appliances in support of security domains such as network security, email and endpoint security, vulnerability scans, access controls, and log management.
  • Strong consideration will Azure or cloud services
  • Basic technical understanding of cloud services principles such as IAAS, SAAS, and PAAS.

Education & Certifications:

  • Minimum of 2 years of experience in IT security, risk management, compliance, or audit required.
  • A bachelor’s degree in Computer Science, Information Technology, or a related field is preferred, or applicable experience.
  • Relevant security certifications preferred, such as:
  • Certified Information Security Auditor (CISA)
  • Certified in Risk Information Systems Controls (CRISC)
  • GIAC Security Essentials or Professional Certification (GSEC/GISP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Cloud Security Professional (CCSP)
  • Certified Insurance Data Security Professional (CIDSP)
  • CompTIA Security+
  • Azure/AWS Security Certifications

$68,500 - $100,500 a year

Protective’s targeted salary range for this position is $68,500 to $100,500. Actual salaries may vary depending on factors, including but not limited to, job location, skills, and experience. The range listed is just one component of Protective’s total compensation package for employees.

This position also offers additional incentive opportunities through an annual incentive based on individual and Company performance.

Employee Benefits:

We aim to protect the wellbeing of our employees and their families with a broad benefits offering. In addition to offering comprehensive health, dental and vision insurance, we support emotional wellbeing through mental health benefits and an employee assistance program. Work/life balance is important and Protective offers a variety of paid time away benefits (e.g., paid time off, paid parental leave, short-term disability, and a cultural observance day). The financial health of our employees is just as important as physical and emotional health.  Some of the financial wellbeing benefits include contributions to healthcare accounts, a pension plan, and a 401(k) plan with Company matching. All employees are encouraged to protect their overall wellbeing by engaging in ProHealth Rewards, Protective’s platform to improve wellbeing while earning cash rewards.

Eligibility for certain benefits may vary by position in accordance with the terms of the Company’s benefit plans.

Accommodations for Applicants with a Disability:

If you require an accommodation to complete the application and recruitment process due to a disability, please email [email protected]. This information will be held in confidence and used only to determine an appropriate accommodation for the application and recruitment process.

Please note that the above email is solely for individuals with disabilities requesting an accommodation.  General employment questions should not be sent through this process.

We are proud to be an equal opportunity employer committed to being inclusive and attracting, retaining, and growing an inclusive workforce.
