Cyber Risk Analyst

Job Summary

This role will be responsible for ensuring all projects, initiatives and related technologies meet or exceed requirements relative to information security, privacy, and compliance within the organization.

Additionally, this position will work directly with members of corporate security offices in order to adopt and implement tools, processes, and procedures necessary to ensure the alignment of local security initiatives to the corporate model. 

Knowledge, Skills and Abilities

Education: Bachelor's plus Certificate, e.g. INS 21, 22, 23, or equivalent, related experience.

Experience: 4 - 6 years - or Associates Degree equivalent plus 6 - 8 years.

Knowledge: General knowledge of industry practices, standards, and concepts within field of work. Applies them to perform work requiring analytical business skills.

Decision Making: Makes decisions using broad management limits. Applies guidelines and procedures that leave considerable room for discretion and interpretation. Decisions directly influence project, client relationships and or expenditures. Additionally, decisions exert some influence on organization's long-range goals and objectives. Participates in determining objectives of assignments.

Supervision Received: Works independently under general supervision. Work is reviewed for overall adequacy in meeting objectives.

Leadership: May provide training and guidance to less experienced staff.

Problem Solving /Operations/Direct Work Involvement: Develops solutions to a variety of problems, typically of moderate scope and complexity. Refers to and interprets policies and practices for guidance.

Client Contacts: Contacts other departments and or external organizations or parties frequently. Contacts are primarily at or below upper management levels. Represents organization on specific projects. Communication may involve persuasion, and negotiation.

Additional Knowledge, Skills, and Abilities

Strong written, oral, and analytical skills

Ability to evaluate and articulate cyber security risks to non-technical members of the organization

Ability managing small to medium sized projects

Experience/Familiarity with the following:

Information security management system framework (ISO 27001; NIST CSF)

PCI/DSS Compliance

Amazon AWS / Azure cloud computing platforms

Third party risk management

Incident response planning

Contingency planning (BCP / DRP)

GRC

Certifications:

CySA+ / CISM Strongly desired

CISSP strongly desired

AWS Certified Cloud Practitioner certification a plus

If you require an accommodation for a disability so that you may participate in the selection process, you are encouraged to contact the MAPFRE Insurance Talent Acquisition team at talentacquisition@mapfreusa.com.

We are proud to be an equal opportunity employer.