The TMNAS Governance, Risk and Compliance Analyst II is an operational and functional resource role in the Technology Security and Risk Management function of the TMNAS IT Department. The TMNAS Governance, Risk and Compliance Analyst II will enforce enterprise information security policies, standards and controls and will assess and document TMNAS' information security risk and compliance posture. They will provide security expertise supporting organizational risk reduction through development and implementation of the information security GRC program to align with industry best practices. The TMNAS IT Security Analyst II will be a significant contributor in evaluating organizational security needs, ensuring solutions and controls are developed and implemented with supporting practices and procedures.
- Work within the Risk, Governance and Compliance team to maintain security policies and standards.
- Provide subject matter expertise in support and development of improved security policies and threat models.
- Implement and manage solutions and processes to manage, track, and report on control activities.
- Prepare reports for leadership to communicate risk, risk treatments and control effectiveness.
- Contribute to the development and maintenance of information security strategy.
- Create and execute strategy for managing customer security questionnaires, security inquiries, and internal and external assessments.
- Collaborate with legal and procurement teams to develop a third-party risk management program.
- Stay apprised of government and industry security regulations and requirements.
- Comply with proper internal controls as necessary to conduct job functions and/or carry out responsibilities and/or administrative activities at the Company.
- Establish and build strong working relations and partnerships with IT peers and Business Units.
- Perform special projects and other duties as may be assigned.
Degree / Licenses and Professional Certifications
- Bachelor's degree in engineering, computer science, or similar major preferred.
- CISSP, CISA, or other security/audit certifications preferred.
- 5 years relevant information security compliance and/or information security audit experience.
- 2-3 years in information security preferred.
- Experience in cloud technologies preferred.
- Experience in regulated control environments (e.g. JSOX/SOX, NYDFS, and PCI) preferred.
- Experience in GRC tools and data visualization tools (PowerBI) a plus.
- Knowledge of one or more major Information Security standards/frameworks such as NIST Cybersecurity Framework, NIST 800 series, ISO 27000 series, NYDFS, SOC 2 (AICPA Trust Service Principles), GDPR, etc.
- High-level understanding of IT and security topics such as network security, operating system security, authentication and authorization, and secure software development lifecycle.
- Knowledge, insight, and understanding of business concepts and processes that are needed for making sound decisions in the context of the company's business; ability to apply this knowledge appropriately to diverse situations.
- Practiced knowledge of pragmatic and risk-appropriate security controls.
- Knowledge of typical organizational politics and political tactics; ability to effectively navigate formal and informal communication and decision-making channels.
- Strong writing and communication skills.
- Strong customer service orientation toward Business Units requiring consultation (responsive, consultative, collaborative and accurate).
- Able to work with a group to set its objectives and agenda, generate allegiance to those objectives, and guide and motivate achievement.
- Interpersonal relationship building skills; able to work with a variety of people and groups in a constructive and collaborative manner.
- Analytical ability with the capability to determine the root cause of problems and issues and provide solutions.
- Applies organizational acumen to identify and maintain focus on key success factors for the organization.
- Superior attention to detail.
- Ability to juggle multiple, competing, frequently changing time-sensitive deadlines and priorities.
- Ability to work independently and without supervision.
- Ability to work effectively as part of a team.
Tokio Marine Group of Companies (including, but not limited to the Philadelphia Insurance Companies, Tokio Marine America, Inc., TMNA Services, LLC, TM Claims Service, Inc. and First Insurance Company of Hawaii, Ltd.) is an Equal Opportunity Employer. In order to remain competitive, we must attract, develop, motivate, and retain the most qualified employees regardless of age, color, race, religion, gender, disability, national or ethnic origin, family circumstances, life experiences, marital status, military status, sexual orientation and/or any other status protected by law.