Senior Security Analyst

Are you passionate about information security and technology risk management?  Kinsale Insurance has an opening for an Information Security Analyst who will report to the Manager of Information Security and help improve the information security posture of the organization. Create, maintain, communicate, enhance, and monitor security policy, drive information security compliance, and manage risk across IT and the lines of business.

Responsibilities:

Information Security Program Management

• Plan, analyze, and facilitate updates to information security policies, standards, procedures, and guidelines
• Manage, create, and update information security governance documentation
• Serve as a trusted resource for information security governance
• Utilize risk management frameworks and control catalogs, such as the NIST Cybersecurity Framework (CSF) and CIS Critical Security Controls, as well as various audit processes to assess the organization’s information security posture and make recommendations for improvement
• Conduct risk assessments at the network, system, application, and vendor levels and assess results against policies, standards, procedures, industry best practice, and acceptable risk thresholds
• Perform business impact analysis (BIA), update business continuity and disaster recovery plans.
• Provide IT security requirements and guidance to IT and business stakeholders
• Support delivery of the IT third-party risk management program

Prevention

• Ensure employees receive initial and routine security awareness training; design and implement ongoing awareness activities
• Design and deliver enterprise-wide internal phishing campaigns, and perform necessary data analysis for risk remediation
• Identify security controls and formulate risk treatments plans to manage information security risks that fall outside of acceptable thresholds
• Work with appropriate stakeholders to implement controls in alignment with IT governance documents
• Create and review information systems security status, standards compliance, and deficiencies using key performance indicators, key risk indicators, and other metrics

Detection and Response

• In coordination with information security team members, respond to IT security events, incidents, suspicious activity and / or alerts to prevent adverse impact to users, processes, systems, or data
• Coordinate routine incident response tabletop planning activities and tests, including other areas of IT operations as appropriate
• Coordinate routine disaster recovery planning, testing, and documentation

Qualifications:

• Bachelor’s degree in computer science, technology, or related field preferred; equivalent experience will be considered
• 3 years of experience across one or more IT security domains
• 2 years of working with risk monitoring and tracking processes across a variety of security controls and driving remediation activities
• 2 years of experience working in an enterprise IT security, risk, or governance environment
• Ability to balance appropriate information security controls with business risk tolerance
• Experience with information security frameworks and control catalogs such as NIST CSF, CIS CSC, NIST 800-53, and ISO/IEC 27001/2
• Experience with Sarbanes-Oxley (SOX) controls
• Experience with U.S. state information security and privacy regulations such as NY Cybersecurity Requirements for Financial Services Companies, Virginia Insurance Data Security Act, and California Consumer Privacy Act is preferred
• Detailed understanding of information security and compliance best practices
• Ability to create reports and dashboards using commercial off-the-shelf tools such as MS Excel and PowerPoint
• Excellent analytical and problem-solving skills
• Strong communications (written and verbal) and collaboration skills
• CISSP, CISM, CISA, or CRISC certifications are preferred

At Kinsale we offer the following great benefits:

• Competitive salary with performance-based bonus opportunities
• Single and family health, dental, and vision insurance plans with a generous percentage of maximum HSA funds contributed by the company
• Short-term and long-term disability
• Life insurance
• Matching 401(k), fully vested from first day of contribution
• Generous paid time off and holidays
• Yearly reimbursement for educational training and development opportunities
• Promotion from within the company with clear goals and developed career paths