Kinsale Insurance is looking for individuals who are passionate about security and technology. This Information Security Analyst role will report to the Manager of Information Security and will help improve the security posture of the organization. Create, maintain, communicate, enhance, and monitor security policy, drive information security compliance, and manage risk across IT and the lines of business.RESPONSIBILITIES: Information Security Program Management
- Maintain, report, and enhance enterprise vulnerability management processes and tooling
- Facilitate the delivery of information technology audit compliance
- Conduct risk assessments at the network, system, application, and vendor levels and assess results against policies, standards, procedures, industry best practice, and acceptable risk thresholds
- Utilize risk management frameworks and control catalogs, such as the NIST Cybersecurity Framework (CSF) and CIS Critical Security Controls, as well as various audit processes to assess the organization's information security posture and make recommendations for improvement
- Provide IT security requirements and guidance to IT and business stakeholders
- Support delivery of the IT third-party risk management program
- Manage, create, and update information security governance documentation
Prevention
- Ensure employees receive initial and routine security awareness training; design and implement ongoing awareness activities
- Design and deliver enterprise-wide internal phishing campaigns, and perform necessary data analysis for risk remediation
- Identify security controls and formulate risk treatments plans to manage information security risks that fall outside of acceptable thresholds
- Work with appropriate stakeholders to implement controls in alignment with IT governance documents
- Create and review information systems security status, standards compliance, and deficiencies using key performance indicators, key risk indicators, and other metrics
Detection and Response
- In coordination with information security team members, respond to IT security events, incidents, suspicious activity and / or alerts to prevent adverse impact to users, processes, systems, or data
- Coordinate routine incident response tabletop planning activities and tests, including other areas of IT operations as appropriate
- Coordinate routine disaster recovery planning, testing, and documentation
QUALIFICATIONS:
- Bachelor's degree in computer science, technology, or related field preferred; equivalent experience will be considered
- 3+ years of experience across one or more IT security domains
- 2+ years of working with risk monitoring and tracking processes across a variety of security controls and driving remediation activities
- 2+ years of experience working in an enterprise IT security, risk, or governance environment
- Ability to balance appropriate information security controls with business risk tolerance
- Experience with information security frameworks and control catalogs such as NIST CSF, CIS CSC, NIST 800-53, and ISO/IEC 27001/2
- Experience with Sarbanes-Oxley (SOX) controls
- Experience with U.S. state information security and privacy regulations such as NY Cybersecurity Requirements for Financial Services Companies, Virginia Insurance Data Security Act, and California Consumer Privacy Act is preferred
- Detailed understanding of information security and compliance best practices
- Ability to create reports and dashboards using commercial off-the-shelf tools such as MS Excel and PowerPoint
- Excellent analytical and problem-solving skills
- Strong communications (written and verbal) and collaboration skills
- CISSP, CISM, CISA, or CRISC certifications are preferred
At Kinsale we offer the following great benefits:
- Competitive salary with performance-based bonus opportunities
- Single and Family Health, Dental and Vision Insurance plans with HSA funds contributed
- Short-Term and Long-Term disability
- Life Insurance
- Matching 401(k) which starts on your first paycheck
- Generous Paid Time Off and Holidays
- Education dollars for training and certifications
- Promotion from within the company with clear goals and developed career paths