[Hiring] Information Security Analyst @Capgemini

Role Description

Our Information Security Analyst consistently applies foundational to moderately complex risk-based methodologies in order to identify, communicate and mitigate separate and distinct cybersecurity risks that may be negligible, low or medium severity. Provides sound recommendations based on best practices to data owners, users and senior leaders on security countermeasures and controls for most types of risks to systems and data. Monitors critical security tools and platforms. Independently performs a high volume of common to intermediate security risk assessments, leads response to security incidents, and recognizes and escalates security violations with a wide breadth of impact to the organization.

The EVRA team (External Vendor Risk Assessment), part of the FIS (Farmers Information Security) team performs cybersecurity assessments of the company's vendors, suppliers, and third parties. We perform about 400 assessments a year, and provide the business with recommendations based on a risk-based analysis of each supplier's respective security posture.

Responsibilities

• Perform basic to intermediate security reviews, identify high risk gaps in security architecture, and develop security risk management plans.
• Demonstrate knowledge of related disciplines in IT and assurance.
• Identify, assess, document, and articulate emerging or complex data security and data privacy risks.
• Identify and articulate appropriate innovative countermeasures and controls to address data security and data privacy risks.
• Coordinate and manage the overall service provided to a customer end-to-end.
• Understand how the role integrates with other teams to interface with senior leaders of Global Shared Services teams while ensuring consistent levels of service.
• Serve as lead point of contact while performing day-to-day administration of security platforms.
• Promote security awareness by advising data owners, data custodians, and senior leadership on security best practices and security policies.
• Assess threats and vulnerabilities of all computer systems to develop security risk profiles and exercises strong judgement based on multiple inputs.
• Lead gathering evidence for security compliance reviews, security assessments, or cybersecurity incidents and events.
• Recognize high risk security violations and take appropriate action to report and resolve incidents.
• Conduct third party data security risk assessments, project security assessments, business risk assessments, and security testing for all types of company systems.
• Serve as primary lead for assigned security projects and initiatives by providing unique and creative perspectives to improve solutions.
• Serve as liaison between technical and non-technical departments, as well as manage relationships with vendors and contractors in a way that builds consensus.
• Participate in audits of cyber programs and projects.
• Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
• Demonstrate ownership of assigned audit actions or regulator requests by diligently providing responses and evidence within established timeframes.
• Identify security requirements specific to most information technology (IT) systems in all phases of the system life cycle.
• Validate data collected for security reporting.
• Communicate the value of information technology (IT) security throughout all levels of the organization.

Qualifications

• CISSP, CISM, CISA, CRISC, CIPP or equivalent Certification (Desirable)
• CompTIA Security+ Certification upon hire (Preferred)
• Advanced Excel
• Microsoft 365 Suite
• Quickbase

Benefits

• A competitive salary and performance-based bonuses.
• Comprehensive benefits package.
• Flexible work arrangements (remote and/or office-based).
• Dynamic and inclusive work culture within a globally renowned group.
• Private Health Insurance.
• Paid Time Off.
• Training & Development opportunities in partnership with renowned companies.