Senior Cybersecurity Governance Analyst

at Global Atlantic Financial Group
Boston, Massachusetts, United States

Pursuant to Company policy, all employees are required to be vaccinated for COVID-19 to access GA facilities.  Currently, most of our interviews will occur over video. All offices are currently open, and our employees are back 4 or 5 days a week in NY and 3 days a week in all other offices. If you have questions on this policy or the application process, please contact recruiting@gafg.com.

COMPANY OVERVIEW

Global Atlantic Financial Group is a leader in the U.S. life insurance and annuity industry, serving the needs of individuals and institutions. Global Atlantic is a majority-owned subsidiary of KKR, a leading global investment firm that offers alternative asset management across multiple strategies and capital markets solutions.

Global Atlantic is looking for a diverse team of talented individuals who reinforce our culture of collaboration and innovation. We are dedicated to the career development of our people because we know they are critical to our long-term success. Join our team and come grow with us. 

POSITION OVERVIEW

Global Atlantic is looking for an enthusiastic professional to be an individual contributor on the Information Security Risk Management team as a Senior Security Governance Analyst. The Information Security team is responsible for the Cyber Risk Governance, Frameworks, and Incident Management related to systems, infrastructure, processes, and third parties. The Senior Security Governance Analyst will work with minimal supervision and should be able to understand the company’s information security strategy, contributing to the development, maintenance, and implementation of the overall security program, assessing security risk while considering business system operational needs and adherence to regulatory requirements, anticipating, and articulating potential operational impacts of policy and controls changes. In addition, they must be a strong communicator and relationship builder, who can use their skills to track remediation of any identified control gaps and deficiencies, analyze data for management reporting and ensure information security requirements are in place.

The Senior Information Security Analyst will work collaboratively with interdisciplinary teams to identify, assess, and address information security risks, often taking a lead role in areas such as information security frameworks, security risk management, information security training, policy and standards, regulatory/contractual requirements, planning, mitigation, metrics, reporting, and incident management. This role will provide you with the opportunity to bring your skills to a growing team while being provided opportunities to learn and develop your security career.

JOB FUNCTIONS AND RESPONSIBILITIES:

  • Acts as a liaison and Information Security GRC expert. Serves as a source of information on the Security Governance and Compliance needs and the regulatory environment.
  • Executes strategy for supporting internal and external compliance checks and assessment processes.
  • Analyzes and recommends improvements to information governance processes that align with business goals.
  • Maintains risk/threat repository and collaborates with business and technology leaders to ensure the successful remediation of identified security weaknesses through the creation and tracking of Remediation Action Plans.
  • Detailed analysis of mitigation measures, threats, risks, defining residual risk and risk tolerance
  • Reports and communicates remediation activity status and metrics
  • Executes the Company's information security incident management process, ensuring all aspects of an incident are appropriately investigated, documented, remediated, and communicated
  • Stays abreast of changes to the cyber threat landscape and industry, to maintain and update information security policies, controls, standards, and processes as appropriate.
  • Determines the impact of changes for the cyber regulatory landscape and work to ensure the Information Security team stays abreast of new regulatory, legal and/or compliance data security requirements.
  • Evaluates security controls to confirm adequate coverage of requirements from policies, standards, and controls.
  • Assists in the management and maintenance of the Cybersecurity Regulatory & Compliance Management Program, ensuring all activities, processes, and procedures meet defined requirements, policies, and regulations.
  • Maintains an understanding of security technologies including Anti-Malware, EDR, Web Security, SIEM, IPS/IDS, Firewalls, and Threat Intelligence.
  • Provides support for the information security training and awareness program
  • Assists in the development and implementation of role specific education paths for Information Security based on current industry standards and organizational strategic/mission requirements.
  • Serve as Information Security liaison on business projects throughout all project phases, including planning, implementation, and go-live support.

QUALIFICATIONS:

  • 6-8+ years related experience (e.g., Governance, Audit, Cyber Risk Management)
  • Bachelor’s degree in Information Systems, Computer Science, Audit, related field, or equivalent work experience
  • Highly organized self-starter with the ability to effectively meet deadlines
  • Knowledge of risk management processes, techniques, and tools (e.g., risk qualification and analysis, risk metrics and thresholds, providing management responses, assessing remediation actions)
  • Working knowledge of common IT security-related regulations and/or standards highly desired (e.g., NYDFS, CCPA, Sarbanes-Oxley, GLBA, FFIEC, BMA, NIST and ISO 27001/2)
  • Ability to work cross-functionally and establish credibility
  • Ability to clearly articulate ideas in a business-friendly and user-friendly language
  • Ability to maintain security documentation and manuals
  • Excellent analytical, decision-making, interpersonal, verbal, and written communication skills.
  • Demonstrated experience in a multi-vendor environment
  • Curious, inquisitive, innovative, lifelong learner and self-starter
  • Ability to work independently in a timely, organized, methodical manner.
  • Experience with Tableau or other reporting tools a plus.
  • Solid understanding of information security risk management strategies
  • General understanding of threats to include common attack vectors and methodologies.
  • Information security industry recognized certification(s) preferred (i.e., Certified Information System Auditor–CISA, Certified in Risk and Information Systems Control–CRISC, Certified Information System–CISM.)

#LI-AM1

TOTAL REWARDS STATEMENT  

Global Atlantic’s total rewards package is reflective of our corporate values, particularly diversity, excellence and innovation, with a focus on inclusion, pay equity, and flexibility. We are proud to support your personal and professional growth and well-being through programs such as educational assistance, virtual physical therapy, remote/onsite fitness reimbursement, a medical second opinion program, pet insurance, military leave, parental leave, adoption assistance, fertility and family planning coverage. We strive to foster a culture of total well-being through community outreach and charitable giving programs.

We are active in our communities-

  • New York: Red Hook Conservancy, Girls Who Invest and The Bowery Mission
  • Boston: Cradles to Crayons, Project Bread, Let’s Get Ready, Rise Against Hunger, Salvation Army and many other local volunteer organizations in around the Boston area
  • Hartford: Habitat for Humanity, Foodshare, Humane Society, Hands on Hartford, Mercy Shelter and Dog Star Rescue
  • Indianapolis: Elevate Indianapolis, Gleaners Food Bank and the Juvenile Diabetes Research Foundation
  • Batesville: American Cancer Society Relay for Life, Angels of Giving, Margaret Mary Health Foundation, Ripley County Community Foundation, Safe Passage, Batesville High School Sponsorships, local area youth sports and food pantries, as well as many others
  • Des Moines: United Way, Central Iowa Shelter & Services, Junior Achievement of Central Iowa and Make a Wish Foundation
  • Berwyn: Food drive and will be planning an event to help a local family over the holidays
  • Atlanta: Packaged Good Organization, which helps the most vulnerable community members with providing personalized care packages for people in need including the elderly, our armed forces, the homeless and hospitalized kids
  • Bermuda: Sponsor of a weekly feeding program operated by The Hamilton Seventh-Day Adventist Church

Social platforms provide an environment to collaborate with others and participate in friendly competitions towards achieving physical, emotional and financial well-being. Our highly competitive health, retirement, life and disability plans can be tailored to best suit your needs and those of your whole family.

Global Atlantic is committed to creating an inclusive environment where everyone can meaningfully contribute to our success. We are proud to be an equal opportunity employer and we do not discriminate in employment on any basis that is prohibited by federal, state or local laws.  More than that, we strive to be inclusive of all backgrounds and experiences, which we feel gives us a competitive advantage in the market and within our firm.  All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, disability, age, or veteran status.

Employees who require an accommodation to perform the essential functions of their job will participate in an interactive process which may include providing documentation. If you are hired and require an accommodation for any protected status, please email benefits@gafg.com.

Global Atlantic Financial Company Employee Candidate Privacy Notice

Example: 

32 Longview Lane

West Hartford, CT 06107

Voluntary Inclusion Questions

We encourage qualified applicants from all backgrounds to apply.  As such, we are committed to achieving a diverse candidate pool for open positions and that our interview teams are made up of employees from different backgrounds.  Sharing your background with us will help us with that focus, although recruiters and hiring managers will not have the ability to see individual responses (only aggregate information).  

This information is not used to determine who is selected for interviews or will be hired, but is helpful in identifying resources, sites and groups which add value in increasing our applicant pool and ensures that we attract the best and most diverse workforce.  This is purely voluntary but will help our mission to be inclusive.  

 

Which category below best describes you (please select only one):
How do you currently describe your gender identity? (please select only one)
Have you been diagnosed with any disability or impairment? (please select only one)
Do you identify as a veteran or as being or having been a member of the military? (please select only one)
Do you consider yourself a member of the Lesbian, Gay, Bisexual, Trans or Queer (LGBTQ+) community? (please select only one)
Which of the following best describes your education status? (please select the one option that fits you best)