Information Security Risk Analyst II

Remote - Florida

Brown & Brown Insurance


Built on meritocracy, our unique company culture rewards self-starters and those who are committed to doing what is best for our customers.

It's an exciting time to join Brown & Brown! Our business is growing both in North America and internationally, which emphasizes the need to build an unparalleled team that promotes future growth. We're excited to continue solidifying that foundation as we look for an Information Security Risk Analyst II to join our growing security team.

The Information Security Risk Analyst II analyzes information security controls within the organization and at third parties to determine the associated information security risk and communicates that posture to the business.

Who We Are: Brown & Brown, Inc. is a growing global insurance brokerage firm delivering risk management solutions and services since 1939. Our unique culture is built on honesty, integrity, innovation and discipline and defines who we are and how we treat our customers, teammates and the communities we serve. We think of ourselves as a team, so we have teammates, not employees. We prioritize health, family, and business, in that order. We embrace and celebrate diversity, always striving to be an inclusive place where you have the power to be yourself. Traded on the New York Stock Exchange as BRO, Brown & Brown is a big company that doesn't act like one.

Who We Are Looking For: We are looking for passionate team players who believe in working hard and having fun in a collaborative environment. Our team is customer-focused and values the importance of strong relationships, professionalism, and trust. We embrace solutions-oriented big thinkers who are committed to results and aren't afraid to take risks. We are driven to set goals high and aim even higher.

General Responsibilities:

  • Provide:

    • Research and analysis to handle inbound cybersecurity inquiries from the company's third parties.

    • Recommendations for communicating identified security risks of new or potentially new third parties.

    • Guidance in identifying, evaluating, and developing processes and procedures that are effective, meet information security standards and requirements, and follow information security policies and regulations.

    • Reporting and analysis to monitor and communicate information security risk activities.

    • Consultation to business partners, teammates, and management.

  • Complete research and analysis related to vetting new or potentially new third parties. 

  • Document, track, monitor, and investigate potential information security incidents reported by the company's third parties.

  • Document, track, and monitor open remediation activities to ensure key risks are addressed in a timely manner.

  • Assess information security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, NIST CSF, ISO 27001).

  • Perform impact/risk assessments.

  • Manage business partner relationships, including determining needs/requirements, managing expectations, and demonstrating commitment to delivering quality results.

  • Prepare plans and related correspondence.

  • Collect and process data for follow-on analysis.

  • Assist with and analyze third-party risk, including the supporting documentation.

  • Manage assigned work tasks and report progress to the supervisor or manager.

  • Communicate information security issues and concerns to leadership in a timely manner.

  • Participate in cross-functional teams to address information security policy, risk, or compliance issues.

  • Determine best practices and recommend how to improve current practices and monitoring.

  • Process complex inquiries from business partners and third parties (e.g., RFPs, information security questionnaires, contract reviews).

  • Work toward the continuous improvement of internal processes and procedures to streamline work that affects our internal business partners, as well as their external clients and third parties.

  • Contribute to and work with Information Security teammates to ensure multiple projects are delivered on time and meet expectations.

  • Lead small to medium Information Security Risk Management project initiatives.

  • Develop and maintain dashboards, reports, metrics, and trending data related to information security.

  • Perform other duties as assigned.

Required Qualifications:

  • Bachelor's degree (cybersecurity or related field), a relevant information security certification, and 2-5 years' related experience.

  • Experience working with ticketing systems and GRC platforms (e.g., Archer, ServiceNow).

  • Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or related certification.

  • Ability to review Service and Organization Controls (SOC) reports to confirm that expected business and partner controls are implemented.

  • Knowledge of:

    • Security controls related to COBIT, HITRUST, SOX, PCI, HIPAA, NYDFS 23 NYCRR 500, and other regulations.

    • Computer networking concepts and protocols, and network security methodologies. 

    • Risk management processes (e.g., methods for assessing and mitigating risk). 

    • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 

    • Organization's enterprise information security architecture. 

    • Security assessment and authorization processes.

    • Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). 

    • Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

    • Structured analysis principles and methods.

    • Cyber defense reporting structure and processes.

    • Organization's core business/mission processes.

    • Information Technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.

What we offer:

  • Excellent growth and advancement opportunities

  • Competitive pay based on experience

  • Discretionary Time Off (DTO)

  • Generous benefits package: health, dental, vision, 401(k), etc.

  • Employee Stock Purchase Plan

  • Tuition Reimbursement and Student Loan Repayment Assistance

  • Mental Health Resources

We are an Equal Opportunity Employer. We take pride in the diversity of our team and seek diversity in our applicants.


Tags: CISA CoBIT Compliance CRISC Cyber defense HIPAA HITRUST Monitoring Network security NIST Privacy Risk assessment Risk management Security assessment SOC

Perks/benefits: Competitive pay Flex vacation Health care Startup environment

Regions: Remote/Anywhere North America South America
Country: United States