MID SECURITY AND GOVERNANCE ANALYST
PH
MID SECURITY GOVERNANCE
- Awareness Training and Adoption
  - Design and develop visual and written cybersecurity learning content
  - Implement cybersecurity user awareness campaigns, learning programs, communications and user adoption initiatives for new capabilities
- Compliance, Policies, Standards and Processes
  - Lead ISMS certification preparation, execution and completion
  - Develop, calibrate and release Information Security Policies, Standards, Guidelines and Procedures
  - Adopt global cybersecurity frameworks into company policies, standards and processes
  - Conduct Information Security compliance audits across business and technology groups
  - Support regulatory compliance activities
  - Perform user access reviews, both periodic and project-specific
- Third Party Cybersecurity Risk Management and Third Party Contract Management
  - Build and maintain an inventory of third parties and assess their criticality to company operations
  - Review third party contracts and ensure cybersecurity requirements are properly included
  - Review terms and conditions to address cyber risks, including subcontracting risks
  - Collect and analyze cyber risk metrics and indicators for monitoring Third Party Cyber Risk Management
  - Conduct security posture assessments of third parties for renewal or extension of engagements
  - Monitor changes in third party criticality and risk, and review performance on an ongoing basis
  - Assess external sources of third party cyber risk for potential systemic impact
  - Implement measures to manage third party risks and improve information sharing
- Incident Response
  - Support execution of incident response plan exercises and simulations with internal teams and external partners
- Compliance Management Support
  - Respond to cybersecurity questionnaires related to insurance applications and external assessments