Cyber Risk Analyst - Remote

CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties. We are committed to progress over perfection, embracing innovation and adaptability daily. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for a Cyber Risk Analyst - Remote. Join us and support CSAA IG in achieving our goals.

Supports the management of Information Technology risk for both new build and existing infrastructure and environments. Provides subject matter expertise to leadership, IT teams, and the business on cybersecurity matters. Collaborates with the security team, including vulnerability management, logging and monitoring, and threat intelligence teams to understand threats and the CSAA IT environment, communicating CSAA’s security posture.

Performs complex work supporting the implementation of IT risk management processes and cyber risk quantification (CRQ). Works under general supervision on projects of moderate to high scope and complexity, advising the business on technology security risk exposure and mitigation measures.

• Conduct risk assessments, analyze the effectiveness of CSAA IG's IT compliance activities, and report findings with recommendations to leadership.
• Perform compliance reviews to ensure applications, platforms, and cloud environments adhere to established policies and procedures.
• Support business projects, often using Agile methodologies, to identify security requirements and concerns, coordinating with IT staff and business units.
• Track and manage security findings and exceptions in the governance, risk, and compliance (GRC) platform.
• Develop and maintain security dashboards to inform security risk management, IT teams, and business leadership of risk exposure.
• Use the FAIR methodology to analyze technology risk scenarios, modeling impact and likelihood of cyber risk events.
• Utilize the MITRE ATT&CK framework to develop threat models for cyber risk quantification.
• Develop methodologies and models to support technology risk management decisions.

• Review third-party/vendor risk assessments and escalate significant issues to leadership.
• Track and manage third-party risk assessments within designated project portfolios.

• 8+ years’ relevant work experience
• Bachelor's degree in Computer Science, Information Systems, or a related field, or an equivalent combination of education and experience
• Strong ability to build and maintain constructive relationships across diverse communities within the organization.
• Effective communication skills, both written and verbal, to influence technical and non-technical audiences.
• Experience managing projects of moderate scope involving multiple stakeholders inside and outside IT.

• Active participation in shaping company culture (e.g., employee resource groups, volunteering).
• Living our cultural norms (e.g., participating in onboarding, building relationships).
• Willingness to travel as needed for role-related meetings.
• Dedication to fulfilling business needs, including extra time and cross-team support.
• 8+ years of system documentation and/or technical writing experience (Preferred).
• Master’s degree in STEM or equivalent experience (Preferred).

At CSAA IG, we’re devoted to protecting our customers, employees, communities, and the planet. We are committed to climate action, inclusion, belonging, and innovation. Join us in building a community of service and purpose.

Recognition : We offer a comprehensive compensation package, performance bonus, 401(k) with company match, and more!