Information Security Governance Analyst II

<strong>AF Group (Lansing, Mich.) and its subsidiaries are a premier provider of innovative insurance solutions. Insurance policies may be issued by any of the following companies within AF Group: Accident Fund Insurance Company of America, Accident Fund National Insurance Company, Accident Fund General Insurance Company, United Wisconsin Insurance Company, Third Coast Insurance Company, or CompWest Insurance Company.</strong>

Lansing, USA

AF Group

<p class="p1"><strong>AF Group&rsquo;s focused and passionate team uses industry-leading best practices, analytics and resources to manage risk and minimize loss for our policyholders while strengthening businesses with our valued independent agent partners.</strong></p> <p class="p1"><strong>We strive to continuously increase the long-term value of our organization by outperforming our industry peers and fostering a culture of underwriting and claims excellence.</strong></p>

keywords: summary,job description,support,security,performance,quality assurance,education,experience,proficiency,communication,problem solving,initiative,skills


Competitive Compensation and Benefits Package

Overview: <br />This position coordinates activities for the creation, implementation, and execution of strategies and programs designed to reduce and mitigate information security risk across the enterprise. The role supports information security governance function, ensuring enterprise-wide information security and assurance function, ensuring that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately in accordance with organization policies, standards, and processes in accordance with business needs.<br /><br /><br /> <p><strong>WORKING CONDITIONS:</strong></p> <p>Work is performed in an office setting with no unusual hazards. Minimal travel required.</p>
Responsibilities: <br /> <ul> <li>Supports establishing consistent policies and standards to enforce ownership and accountability.</li> <li>Responsible for the analysis, enforcement, and reporting of governance in alignment with applicable industry frameworks, policies, standards, and processes.</li> <li>Validate the efficacy, sustainability, and implementation of existing controls.</li> <li>Responsible for developing security awareness training strategies and goals</li> <li>Promote and raise awareness of cybersecurity programs and posture, driving change and influencing proper cybersecurity hygiene within the organization.</li> <li>Communicate technological and cybersecurity concerns to relevant business entities.</li> <li>Maintain in-depth awareness of current cybersecurity trends and technology.</li> <li>Create, disseminate, and/or amend procedural and technical documentation on an as-needed basis.</li> <li>Represents company in community and industry, programs and conferences.</li> <li>Supports vision, leadership, planning, project coordination and management for the development of a cost-effective department while concurrently facilitating efficient operations to meet current and future business needs within the organization.</li> <li>Participates in the development of programs as a strategic partner that supports the company plan.</li> <li>Responsible for balancing workload to optimize the effectiveness of the department.</li> </ul> <br /> <p>This position description identifies the responsibilities and tasks typically associated with the performance of the position. Other relevant essential functions may be required.</p>
Requirements: <br /> <p><strong>EDUCATION:<br /><br /></strong></p> <ul> <li>Bachelor&rsquo;s degree in computer science or related field&nbsp;required.&nbsp;</li> <li>Relevant combination of education and experience may be considered in lieu of degree.&nbsp;</li> <li>Continuous learning, as defined by the Company&rsquo;s learning philosophy, is required.&nbsp;</li> <li>Certification or progress toward certification is required.</li> </ul> <br /> <p><strong>EXPERIENCE:<br /><br /></strong></p> <ul> <li><strong>5 years of experience</strong>&nbsp;in information security governance which must include industry experience in Workers&rsquo; Compensation Insurance (or Commercial Lines).</li> <li>Experience in information security policy governance, and security awareness and training activities is required.</li> </ul> <br /> <p><strong>SKILLS/KNOWLEDGE/ABILITIES (SKA) REQUIRED:<br /><br /></strong></p> <ul> <li>Knowledge of security regulations related to workers' compensation insurance industry.</li> <li>Ability to utilize industry standards and best practices to assess, advise, design, and/or recommend complex, enterprise-wide, regulatory compliance, risk management, and/or internal audit organization structures, policies and procedures, methodologies, toolkits, and templates.</li> <li>Ability to identify and address client needs: actively participating in client discussions and meetings; providing insightful and meaningful recommendations with the occurrence of unanticipated issues.</li> <li>Ability to articulate technological and cybersecurity concerns with relevant business entities.</li> <li>Good understanding of security frameworks (NIST, ISO, HITRUST, etc.)</li> <li>Understanding of the enterprise information security architecture discipline, processes, concepts, and best practices.</li> <li>Ability to run security awareness and training programs including simulated phishing exercises</li> <li>Ability to develop training materials and provide classroom training to the workforce and executives</li> <li>Demonstrated consultative approach to driving change and deploying controls.</li> <li>Knowledge of technological trends and developments in the area of information security and risk management.</li> <li>Knowledge of information security and risk control frameworks as well as business continuity and IT disaster recovery frameworks.</li> <li>Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.</li> <li>Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction, in a culturally diverse, matrix management environment.</li> <li>Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including managers and vendors.</li> <li>Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion.</li> <li>Ability to work with and empower others on a collaborative basis to ensure success of unit team.</li> <li>Ability to effectively exchange information, in verbal or written form, by sharing ideas, reporting facts and other information, responding to questions and employing active listening techniques.</li> </ul> <p>&nbsp;</p> <p><em><br /><br /><br /></em>The qualifications listed above are intended to represent the minimum education, experience, skills, knowledge and ability levels associated with performing the duties and responsibilities contained in this job description.&nbsp;</p> <p>We are an Equal Opportunity Employer. Diversity is valued and we will not tolerate discrimination or harassment in any form. Candidates for the position stated above are hired on an "at will" basis. Nothing herein is intended to create a contract.</p>