Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Jobs - Information Security Analyst Traverse City, Michigan GCTI, GCFA InfoSec Jobs

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This listing has expired and therefore is not publicly viewable.

Information Security Analyst
Company Hagerty
Location Traverse City, Michigan
Preferred GIAC Certifications GCTI, GCFA
Travel 10%
Salary negotiable
Contact Name Anonymous
Contact Email rwasserman/at/
Expires 2018-01-16

Job Description

Hagerty, the leading provider of classic car insurance, valuation tools and roadside service for people who love cars, has an opportunity for an Information Security Analyst. This person will be responsible for contributing to the analysis and operations efforts that advance the Company’s cyber security program. Our candidate will have directly relevant work experience as a security analyst and incident responder but will also have a natural curiosity about metrics. This role will be based in our Traverse City, MI office.


•Support development, advancement, maturation, and measurement of a risk-based Cyber Security program which protects company information and technology assets, meets regulatory requirements, and aligns with industry leading risk and information security practices

•Assess and understand Hagerty’s current security program objectives, risk appetite, security posture and future architecture. Develop program level KPIs and executive dashboards to measure program success and provide insightful recommendations supported by data for program improvement, anticipated shortfalls, potential vulnerabilities, and risk reduction

•Identify and assess threats to Hagerty’s business and diverse IT environment including on premise applications, network infrastructure, servers, SaaS solutions, workstations, and devices; determine root cause when incidents occur, participate in the hands-on deployment of countermeasures for threats or incidents and mitigate future risks through policy changes, process improvements, configuration changes, or user awareness training

•Ensure the Company’s cyber threat response and vulnerability management programs have metrics and KPIs in place that maintain consistent analysis, response, and monitoring of cyber security threats, events, and vulnerabilities after identification. Provide reporting which supports management and timely communication of risks, issues, and gaps

•Work closely with product and platform teams to enable a security culture within those teams. Assist those teams to develop and refine security standards/access controls, and have easily understood measures, security metrics, and/or KPIs in place that facilitate adherence to internal security standards, policy enforcement and best practices

•Collaborate with business units, application development teams and third-party vendors to communicate security program objectives. Measure performance of those stakeholders relative to those objectives, and successfully achieve those objectives while enabling the business

•Apply a deep understanding of measurements, data, threats and user behavior in a way that complements technical knowledge and other security subject matter expertise to protect the Company against cyber threats (e.g., threat intelligence indicators, motivations of potential bad actors, indicators of computer misuse, knowledge of firewalls, intrusion detection and prevention systems, data loss prevention solutions, endpoint protections, log aggregation technology and other leading-edge security technologies)

•Perform assessment of cyber security incidents to identify the root cause, respond, and recover the environment. Participate in the enterprise Incident Response Plan, lead incident response activities, and develop metrics and reporting

•Contribute to the development and maintenance of the information security strategy, policies, and procedures


•Bachelor’s degree with major course work in Math, Statistics, Information Technology, Computer Science, Cyber Security, or closely related field

•5+ years’ experience in information security; strong security expertise required

•2+ years experience in the following:

•Independent development of security KPIs and metrics preferably up to C-level execs and board level

•Hands-on development of visualizations and dashboards that support metrics. Ability to automate these is a plus.

•Presentation skills to technical and non-technical audiences

•Advanced understanding of statistical and graphing functions within Excel or other similar tools. A formal background in statistics or data analysis is a plus.

•Professionally recognized certifications in a security-related field

•Strong experience developing KPIs for and supporting effective cyber and information security programs

•Strong analytical skills to manage technical and project management issues, as well as drive those issues to closure

•Experience in identifying and handling information security incidents

•Experience in working within information classification and/or data privacy frameworks

•Should have working knowledge and experience ensuring compliance with security frameworks such as ISO, PCI DSS, NIST, CIS and SANS Critical Controls

Hagerty has been named a Fortune Magazine Great Place to Work. Click the link to see our Great Rated! review.

To apply for this position, please visit our career site at