Job Posting for Senior Security Analyst at Kinsale Management, Inc.
Are you passionate about information security and technology risk management? Kinsale Insurance has an opening for an Information Security Analyst who will report to the Manager of Information Security and help improve the information security posture of the organization. Create, maintain, communicate, enhance, and monitor security policy, drive information security compliance, and manage risk across IT and the lines of business.
Responsibilities:
Information Security Program Management
Plan, analyze, and facilitate updates to information security policies, standards, procedures, and guidelines
Manage, create, and update information security governance documentation
Serve as a trusted resource for information security governance
Utilize risk management frameworks and control catalogs, such as the NIST Cybersecurity Framework (CSF) and CIS Critical Security Controls, as well as various audit processes to assess the organization’s information security posture and make recommendations for improvement
Conduct risk assessments at the network, system, application, and vendor levels and assess results against policies, standards, procedures, industry best practice, and acceptable risk thresholds
Perform business impact analysis (BIA) and update business continuity and disaster recovery plans
Provide IT security requirements and guidance to IT and business stakeholders
Support delivery of the IT third-party risk management program
Prevention
Ensure employees receive initial and routine security awareness training; design and implement ongoing awareness activities
Design and deliver enterprise-wide internal phishing campaigns, and perform necessary data analysis for risk remediation
Identify security controls and formulate risk treatment plans to manage information security risks that fall outside of acceptable thresholds
Work with appropriate stakeholders to implement controls in alignment with IT governance documents
Create and review information systems security status, standards compliance, and deficiencies using key performance indicators, key risk indicators, and other metrics
Detection and Response
In coordination with information security team members, respond to IT security events, incidents, suspicious activity, and/or alerts to prevent adverse impact to users, processes, systems, or data
Coordinate routine incident response tabletop planning activities and tests, including other areas of IT operations as appropriate
Coordinate routine disaster recovery planning, testing, and documentation
Qualifications:
Bachelor’s degree in computer science, technology, or related field preferred; equivalent experience will be considered
3 years of experience across one or more IT security domains
2 years of working with risk monitoring and tracking processes across a variety of security controls and driving remediation activities
2 years of experience working in an enterprise IT security, risk, or governance environment
Ability to balance appropriate information security controls with business risk tolerance
Experience with information security frameworks and control catalogs such as NIST CSF, CIS CSC, NIST 800-53, and ISO/IEC 27001/2
Experience with Sarbanes-Oxley (SOX) controls
Experience with U.S. state information security and privacy regulations such as NY Cybersecurity Requirements for Financial Services Companies, Virginia Insurance Data Security Act, and California Consumer Privacy Act is preferred
Detailed understanding of information security and compliance best practices
Ability to create reports and dashboards using commercial off-the-shelf tools such as MS Excel and PowerPoint
Excellent analytical and problem-solving skills
Strong communications (written and verbal) and collaboration skills
CISSP, CISM, CISA, or CRISC certifications are preferred
At Kinsale we offer the following great benefits:
Competitive salary with performance-based bonus opportunities
Single and family health, dental, and vision insurance plans with a generous percentage of maximum HSA funds contributed by the company
Short-term and long-term disability
Life insurance
Matching 401(k), fully vested from first day of contribution
Generous paid time off and holidays
Yearly reimbursement for educational training and development opportunities
Promotion from within the company with clear goals and developed career paths