Senior IT Security Risk Analyst
Amerisure Mutual Insurance Company
Farmington Hills, United States of America
12 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
SeniorJob location
Farmington Hills, United States of America
Tech stack
Artificial Intelligence
Amazon Web Services (AWS)
Data analysis
Cloud Computing Security
Computer Security
Information Systems
Information Technology Audit
Mobile Application Software
Information Systems Security Architecture Professional
PCI Data Security Standards
Software Tools
Software Vulnerability Management
Cyber Threat Analysis
Job description
The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design, implementation, and continuous improvement of the IT risk program, ensuring alignment with regulatory requirements (e.g., New York State Department of Financial Services, NIST CSF) and business objectives.
Essential Tasks/Major Duties
- Perform security risk assessments of third-party vendors including AI and mobile application reviews.
- Lead the review, update, and communication of cybersecurity policies, standards, and procedures to ensure alignment with global frameworks (e.g., NIST CSF, NYDFS, NIS2, PCI DSS).
- Lead and maintain the IT Risk Register including metrics which provides leadership an overall view of IT risk.
- Perform risk assessments of IT risks.
- Map regulations to policies and controls.
- Create risk and compliance metrics for management and compliance purposes.
- Perform control testing and validation to ensure proper control effectiveness.
- Support IT audits and controls around Model Audit Rule (MAR).
- Monitor threat intelligence to determine potential impact to environment and remediation urgency.
- Support vulnerability management program, daily security operations and identity tasks as needed.
- Be a key advisor to leadership, translating cybersecurity risk into business impact and enabling informed decision-making.
Requirements
Do you have experience in Vulnerability management?, Do you have a Bachelor's degree?, * Bachelor's degree or equivalent combination of education and experience.
- 5 years cybersecurity experience.
- Advanced Cyber Risk Management domain specific professional certification required: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); Certified in Risk and Information Systems Control (CRISC); Certified Cloud Security Professional (CCSP); AWS Certified Security.
- 2 years experience performing IT security control testing.
- Experience reviewing SOC 2 Type 1 and Type 2 reports to articulate potential security risk.
- Expertise in conducting third-party cyber risk assessments.
- Proficient in NIST security domain frameworks and architectures.
- Experience in Logicgate or another GRC tool.
- Experience using AI driven tools to enhance automation and operational efficiency.
- Ability to quickly diagnose security control problems and propose/implement solutions.
- Clear and concise articulation of risk to both technical peers and non-technical stakeholders.
- Partner with IT teams, developers, and business leaders to support security initiatives, and mentor and develop members of the security team.
- Analyze data and security trends to anticipate and assess potential threats.
- Stay current with regulations, evolving threats, technologies, and security protocols.
Benefits & conditions
Pulled from the full job description
- 401(k)
- Health insurance
- Paid time off
- Profit sharing, Just as we are committed to creating exceptional value for our Partners For Success® agencies and policyholders, Amerisure also remains committed to being an employer of choice. We reinforce this commitment by adhering to an Employee Value Proposition that, in part, is provided through a competitive total rewards package. This package includes competitive base pay, performance-based incentive pay, comprehensive health and welfare benefits, a 401(k) savings plan with profit sharing, and generous paid time off programs. We also offer flexible work arrangements to promote work-life balance. Recognized as one of the Best and Brightest® Companies to Work For in the Nation and one of Business Insurance magazine's Best Places to Work in Insurance, we provide a workplace that fosters excellence and professional growth. If you are looking for a collaborative and rewarding career, Amerisure is looking for you.
About the company
Amerisure creates exceptional value for its partners, policyholders, and employees. As a property and casualty insurance company, Amerisure's promise to our partner agencies and policyholders begins with a comprehensive line of insurance products designed to protect businesses, as well as the health and safety of every employee. With an A.M. Best "A" (Excellent) rating, Amerisure serves mid-sized commercial enterprises focused in construction, manufacturing and healthcare. Ranked as one of the top 100 Property & Casualty companies in the United States, we proudly manage nearly $1 Billion of Direct Written Premium and maintain $1.21 billion in surplus.