
SANS ISC: InfoSec Jobs - Cybersecurity Risk and Compliance Analyst Reference Post GSEC, GSNA, GCCC InfoSec Jobs


This listing has expired and therefore is not publicly viewable.

Cybersecurity Risk and Compliance Analyst
Company: IAT Insurance Group
Location: Reference Post
Preferred GIAC Certifications: GSEC, GSNA, GCCC
Travel: 15%
Salary: Negotiable
Contact Name: Manny Landron
Contact Email: manny.landron/at/
Expires: 2018-06-21

Job Description

Cybersecurity Risk and Compliance Analyst

Full Time
Requisition ID : 1395

This is a great opportunity for an experienced technology auditor or technology risk and compliance analyst with cybersecurity and privacy experience to engage in a broad range of activities as IAT grows. The position will be fully integrated with the cybersecurity operations team and report directly to the CISO. Primary responsibilities for this position are supporting and monitoring secure compliance with NY DFS Cybersecurity Regulations (23 NYCRR 500) and select Center for Internet Critical Security Controls (CIS-CSC). Additional responsibilities include supporting security and privacy initiatives.

This is not a "true" remote position; it can work from Raleigh or remotely from one of our 12 other IAT locations.

Alpharetta, GA
Bradenton, FL
Cheshire, CT
Coral Springs, FL
Houston, TX
Kansas City, MO
Lancaster, CA
Omaha, NE
Overland Park, KS
Pasadena, CA
Raleigh, NC
Rolling Meadows, IL
Naperville, IL


Actively manage and help prioritize the corporate cybersecurity risk register and perform periodic cybersecurity risk assessments.

Evaluate audit evidence to determine its sufficiency and reliability to meet control objectives and manage evidence repository.

Prepare evidence and collaborate with internal technology team members and external auditors and consultants to facilitate financial and cybersecurity audit and consulting engagements.

Assist with the requirements analysis and design of effective and efficient information technology and security processes, standards, procedures and controls.

Collaborate cross functionally across corporate boundaries to implement policy, procedures, and standards and educate the workforce.

Evaluate and recommend controls to mitigate information technology, security and privacy risk.

Measure and periodically report cybersecurity related metrics.

Monitor the access management process and perform periodic access reviews.

Administer privileged access management program and system.

Assist with business continuity and disaster recovery planning, and coordinate and lead tabletop exercises and disaster recovery testing.

Administer the security awareness training program.

Participate in, and potentially lead, security and privacy incident management and response efforts, as necessary.

Perform third party and vendor risk evaluations and risk assessments.

Facilitate change management process and meetings.

Perform routine and periodic technical and non-technical reviews to ensure compliance with security policy, legal requirements, and industry accepted standards.

Travel – Less than 15 percent annually including training and corporate events

Desire to live and work in Raleigh, NC; Naperville, IL; Rolling Meadows, IL. Will consider remote for the right candidate.


Bachelor’s degree in cybersecurity, information systems, business administration or related field.

CISA or CISSP designation

Experiential understanding of compliance frameworks and security control objectives.

5 – 7 years of SOX, PCI-DSS and/or SOC 2 (Security and Availability) implementation or audit experience.

Strong problem-solving, analytical, organizational, and project management skills.

Strong interpersonal and written communication skills

Self-motivation and the ability to work under minimal supervision

Willingness to pursue training and certification

To qualify, all applicants must be authorized to work in the United States and must not require, now or in the future, VISA sponsorship for employment purposes.

Preferred Qualifications

Graduate degree in information systems, business administration, or related field

Cybersecurity framework implementation or audit experience.

GSNA, GCCC, or GSEC designation(s).

We are proud to be an EEO/AA employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing. We participate in E-Verify.

To be formally considered, one must apply online through the IAT Career Site.

IAT Recruiter:

Steve Morley | Senior Recruiter

IAT Overview:

IAT Insurance Group (“IAT”) is a privately held global insurance company, headquartered in Raleigh, North Carolina, providing a wide range of property and casualty insurance products meeting the needs of individuals and businesses. IAT consists of six operating divisions, each sharing the same quality standards, commitment to service and innovation, and an overall mission of excellence. As an organization, we leverage our experienced leadership, sound analytics, proven operating platforms and extensive risk capabilities across the entire enterprise to deliver specialized, sustainable solutions for our customers.

With thirteen office locations, IAT has a large footprint throughout the United States. As a privately owned organization, consisting of more than six hundred employees, we are able to act strategically within an ever-changing marketplace. We are large enough to make a difference in the industry but small enough to be agile and nimble. Our focus includes meeting customer needs and fostering an exceptional agent and broker network to serve clients.