Information Security & Risk Senior Assurance Analyst
Information Services - Information Security, Information Technology
Job ID 2022-11922
Primary Location: Johnston, Rhode Island
09/23/2022
More information about this job:
FM Global is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM Global helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.
Reporting to the Manager Information Security Oversight & Assurance, the Information Security & Risk Senior Assurance Analyst will play a key role on the Oversight & Assurance team by driving implementation of an enhanced Governance, Risk, and Compliance (GRC) program. Working with key stakeholders across the organization, this individual will work to understand existing processes, define business and technical requirements, and work with a core team to test, implement and provide ongoing governance, oversight and maintenance of the GRC platform. In addition, they will work with stakeholders to drive continuous improvement in the IT control environment by helping to identify and report on cybersecurity risks throughout the organization.
The primary focus of this position will be to mature FM Global’s Information Security Oversight and Assurance program through process improvement, policy, automation, and the continuous evolution of assurance capabilities. This individual will develop, integrate, and administer complex GRC workflows. They will also be responsible for developing reporting metrics and dashboards and for providing risk analysis to identify and report on key risks and insights, improving management’s visibility of identified risks and trending within their area of responsibility.
- Implementation and ongoing support of new GRC tool. Includes onboarding of various security risk and control processes to ensure alignment with regulatory requirements and industry best practices; recommends opportunities for improvement as necessary.
- Serve as key point of contact, partnering with stakeholders across the organization to review and enhance business practices in alignment with GRC.
- Develop training materials and educate key stakeholders on GRC and on the new tool.
- Develop security risk and control metrics and reporting on a monthly, quarterly, and basis
- Identify and report on cybersecurity risks, including evaluation of internal controls to determine effectiveness, identification of gaps, and implementation of remediation plans as necessary. Continuously evaluate the internal control framework to ensure it aligns with the organization’s current control environment and supporting processes.
Minimum 4 years of experience in IT Audit, security risk management, IT controls testing, or related security disciplines.
Knowledge of GRC tools is preferred.
Experience with MAR, Sarbanes-Oxley Act, and PCAOB auditing standards is a plus!
- Able to operate with a high degree of independence in project management activities, including development of project plans and resource estimates.
- Excellent communication and presentation skills. Demonstrated ability to work collaboratively with technical experts, business managers, and senior leadership. Ability to understand security risk, compliance, and technical issues and meaningful business and risk guidance and recommendation.
- Proven ability to multi-task and establish priorities. Ability to work under tight deadlines and respond to changing business and technical environments.
- Cyber / information security / risk professional with the ability to think in terms of the risk rather than compliance, and risk improvement objectives rather than strict security requirements.
- Strong relationship building, influencing, and consultation skills; demonstrated ability to establish and maintain positive work relationships with peers, management, and key stakeholders.
- College degree in Audit, Risk, Computer Science, or a closely related discipline, or equivalent work experience.
We offer our employees a wide range of benefits including career-long learning opportunities, tuition reimbursement, 401(k), pension, flexible schedules, rich health and well-being programs, generous time off allowances, volunteer days and so much more!
FM Global is an Equal Opportunity Employer and is committed to attracting, developing and retaining a diverse workforce.
Please note that all FM Global visitors, including external candidates interviewing for open positions, will be required to be vaccinated and should be prepared to provide proof of vaccination.