Cyber Risk Analyst - Remote

CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties, and we're proud of the culture we create together. As we commit to progress over perfection, we recognize that every day is an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for a Cyber Risk Analyst - Remote! Join us and support CSAA IG in achieving our goals.

Your Role : Supports the management of Information Technology risk for both new build and existing infrastructure and environments. Provides subject matter expertise to leadership, IT teams, and the business on cybersecurity matters. Works with the security team, including vulnerability management, logging and monitoring, and threat intelligence teams to understand threats and the CSAA IT environment to communicate CSAA’s security posture.

Your work : Performs more complex work supporting implementation of IT risk management processes and cyber risk quantification (CRQ). Incumbents in this level work under general supervision on projects of moderate to high scope and complexity and rely on experience to advise the business on their technology security risk exposure and measures to manage and mitigate risk.

Security Risk Management :

Conduct risk assessments, analyze the effectiveness of CSAA IG's IT compliance activities, and report with recommendations to leadership.

Performs compliance reviews to ensure applications, platforms, and cloud environments are operating in accordance with established policies and procedures.

Support business projects, often using Agile methodologies, to identify security requirements and concerns, coordinating with staff from the IT organization and business units.

Track and manage security findings and exceptions in the governance, risk, and compliance (GRC) platform.

Develop and maintain security dashboards to inform security risk management, IT teams, and business leadership of risk exposure.

Using Factor Analysis of Information Risk (FAIR) methodology, analyze technology risk scenarios modeling impact and likelihood of cyber risk events.

Utilize the MITRE ATT&CK framework to develop threat models for use in cyber risk quantification.

Develop methodologies and models to support technology risk management decisions.

Third Party Risk Management :

Conduct reviews of third-party / vendor risk assessments and escalate significant issues to leadership.

Track and manage third party risk assessments within designated portfolio of projects.

Required Experience, Education and Skills :

8+ years’ work experience in relevant fields

Bachelor's degree in related area (Computer Science, Information Systems or other related field) or an equivalent combination of education and experience

Ability to build and maintain constructive working relationships with a diverse community throughout the organization.

Ability to effectively communicate in both written and verbal manner to influence both technical and non-technical audiences.

Ability to manage projects of moderate scope involving stakeholders from multiple business units inside and outside of IT.

What would make us excited about you?

Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.)

Lives into cultural norms (e.g., willing to have cameras when it matters : helping onboard new team members, building relationships, etc.)

Travels as needed for role, including divisional / team meetings and other in-person meetings

Fulfills business needs, which may include investing extra time, helping other teams, etc.

8+ years System documentation experience and / or technical writing (Preferred)

Master’s degree in STEM field or equivalent combination of education and experience (Preferred)

At CSAA IG, we’re proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it.

BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.

COMMIT to being there for our customers and employees.

CREATE a sense of purpose that serves the greater good through innovation.

Recognition : We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more!