Information Security Risk Analyst II
Remote - Florida
Built on meritocracy, our unique company culture rewards self-starters and those who are committed to doing what is best for our customers.
It's an exciting time to join Brown & Brown! Our business is growing both in North America and internationally, which emphasizes the need to build an unparalleled team that promotes future growth. We're excited to continue solidifying that foundation as we are looking for an Information Security Risk Analyst II to join our growing security team.
The Information Security Risk Analyst II conducts analysis of information security controls within the organization and of third parties to determine the associated information security risk and communicate posture to the business.
Who We Are: Brown & Brown, Inc. is a growing global insurance brokerage firm delivering risk management solutions and services since 1939. Our unique culture is built on honesty, integrity, innovation and discipline and defines who we are and how we treat our customers, teammates and the communities we serve. We think of ourselves as a team, so we have teammates, not employees. We prioritize health, family, and business, in that order. We embrace and celebrate diversity, always striving to be an inclusive place where you have the power to be yourself. Traded on the New York Stock Exchange as BRO, Brown & Brown is a big company that doesn’t act like one.
Who We Are Looking For: We are looking for passionate team players who believe in working hard and having fun in a collaborative environment. Our team is customer-focused and values the importance of strong relationships, professionalism, and trust. We embrace solutions-oriented big thinkers who are committed to results and aren’t afraid to take risks. We are driven to set goals high and aim even higher.
Research and analysis to handle inbound cybersecurity inquiries from company’s third parties.
Recommendations for communicating identified security risks of new or potentially new third parties.
Guidance in identifying, evaluating, and developing processes and procedures that are effective, meet information security standards and requirements, and follow information security policies and regulations.
Reporting and analysis to monitor and communicate information security risk activities.
Consultation to business partners, teammates, and management.
Complete research and analysis related to vetting new or potentially new third parties.
Document, track, monitor, and investigate potential information security incidents reported by company’s third parties.
Document, track, and monitor open remediation activities to ensure key risks are addressed in a timely manner.
Assess information security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, NIST CSF, ISO 27001, etc.).
Perform impact/risk assessments.
Manage business partner relationships, including determining needs/requirements, managing expectations, and demonstrating commitment to delivering quality results.
Prepare plans and related correspondence.
Collect and process data for follow-on analysis.
Assist with and analyze third-party risk, including documentation.
Manage assigned work tasks and report progress to supervisor or manager.
Communicate information security issues and concerns to leadership in a timely manner.
Participate in cross-functional teams to address information security policy, risk, or compliance issues.
Determine best practices and recommend how to improve current practices and monitoring.
Process complex inquiries from business partners and third parties (e.g., RFPs, Information Security questionnaires, Contract reviews, etc.).
Work toward the continuous improvement of internal processes and procedures to streamline work that affects our internal business partners, as well as their external clients and third parties.
Contribute and work with Information Security teammates to ensure multiple projects are delivered on time and meet expectations.
Lead small to medium Information Security Risk Management project initiatives.
Develop and maintain dashboards, reports, metrics, and trending data related to information security.
Perform other duties as assigned.
Bachelor’s degree (Cyber security or related field), relevant Information Security certification, and 2-5 years’ related experience.
Experience working with ticketing systems and GRC platforms (e.g., Archer, ServiceNow).
Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or related certification.
Ability to review Service and Organization Controls (SOC) reports to confirm expected business and partner controls are implemented.
Security controls related to COBIT, HITRUST, SOX, PCI, HIPAA, NYDFS 23 NYCRR 500, and other regulations.
Computer networking concepts and protocols, and network security methodologies.
Risk management processes (e.g., methods for assessing and mitigating risk).
Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Organization's enterprise information security architecture.
Security assessment and authorization processes.
Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Structured analysis principles and methods.
Cyber defense reporting structure and processes.
Organization's core business/mission processes.
Information Technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
What we offer:
Excellent growth and advancement opportunities
Competitive pay based on experience
Discretionary Time Off (DTO)
Generous benefits package: health, dental, vision, 401(k), etc.
Employee Stock Purchase Plan
Tuition Reimbursement and Student Loan Repayment Assistance
Mental Health Resources
We are an Equal Opportunity Employer. We take pride in the diversity of our team and seek diversity in our applicants.