Cyber Risk Analyst - Remote

CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties. We are committed to progress over perfection, recognizing each day as an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for a Cyber Risk Analyst - Remote! Join us and support CSAA IG in achieving our goals.

Supports the management of Information Technology risk for both new build and existing infrastructure and environments. Provides subject matter expertise to leadership, IT teams, and the business on cybersecurity matters. Collaborates with the security team, including vulnerability management, logging and monitoring, and threat intelligence teams to understand threats and the CSAA IT environment to communicate CSAA’s security posture.

Performs complex work supporting the implementation of IT risk management processes and cyber risk quantification (CRQ). Works under general supervision on projects of moderate to high scope and complexity, advising the business on technology security risk exposure and measures to manage and mitigate risk.

• Conduct risk assessments, analyze the effectiveness of CSAA IG's IT compliance activities, and report findings with recommendations to leadership.
• Perform compliance reviews to ensure applications, platforms, and cloud environments adhere to policies and procedures.
• Support business projects, often using Agile methodologies, to identify security requirements and concerns, coordinating with IT and business staff.
• Track and manage security findings and exceptions in the GRC platform.
• Develop and maintain security dashboards to inform security risk management and leadership of risk exposure.
• Use FAIR methodology to analyze technology risk scenarios, modeling impact and likelihood of cyber risk events.
• Utilize the MITRE ATT&CK framework to develop threat models for cyber risk quantification.
• Develop methodologies and models to support technology risk management decisions.

• Review third-party/vendor risk assessments and escalate significant issues to leadership.
• Manage third-party risk assessments within designated project portfolios.

• 8+ years’ work experience in relevant fields
• Bachelor's degree in Computer Science, Information Systems, or related field, or equivalent experience.
• Strong ability to build and maintain constructive relationships across diverse teams.
• Effective communication skills for both technical and non-technical audiences.
• Experience managing projects involving multiple stakeholders.

• 8+ years of system documentation and/or technical writing experience.
• Master’s degree in STEM or equivalent.

Actively participates in shaping company culture, demonstrates cultural norms, is willing to travel as needed, and fulfills business needs including extra time and team support. At CSAA IG, we are committed to protecting our community and our planet, emphasizing inclusion, belonging, and innovation.

Recognition : We offer a comprehensive compensation package, performance bonus, 401(k) with company match, and more!