Information Security Analyst ( Hybrid Distance To New Hartford Location)

The Company

At Utica National Insurance Group, 1,400 employees countrywide take our corporate promise to heart every day: To make people feel secure, appreciated, and respected.

Utica National Insurance Group is an "A" rated $1.5B award-winning, nationally recognized property & casualty insurance carrier.

Operating along the Eastern half of the United States, based in our Home Office in Central New York, with Regional Office locations including Boston, NYC, Atlanta, Dallas, Columbus, Richmond, Chicago.

What you will do:

The Information Security Analyst will be required to respond to alerts that come in afterhours including nights, weekends, and holidays, as required.

The Information Security Analysts' focus is to promptly respond to security alerts, contain and recover from any related threats. This role continually analyzes data from security tools, vulnerability assessments, penetration tests, and other sources to identify threats, vulnerabilities, work process issues, and identify opportunities to improve security controls. Comprehensive analysis of this data is critical to supporting effective response to suspected or actual security threats, identifying trends, evaluating security control effectiveness, protecting company IT resources, and ensuring that Protected and Confidential Information is not exposed to unauthorized parties.

Essential Functions:

• Promptly respond to and investigate security alerts and incidents; handle containment and recovery using documented procedures. Ensure an in-depth analysis is performed and all relevant details are documented in the respective alert/incident, incident report, and/or policy violation, as warranted, including an analysis of the potential exposure and impact. Escalate any confirmed security incidents you are unable to contain using documented procedures to an Information Security Engineer. Ensure all relevant details of your investigation and any other actions taken are documented before escalating to the Information Security Engineer.

• Responsible for collecting evidence from InfoSec, IT Shared Services, and other respective teams and documenting the relevant details of incident response activities for suspected or actual security events.

• Investigate security alerts and suspicious emails reported to determine if they are malicious. This task involves technically investigating alerts and email messages, which may include analysis in a sandbox environment, and executing procedures to purge malicious emails from the system; this may include using security tools, executing scripts, or other technical processes.

• Continually resolve and/or analyze data collected by security tools and other metrics including, but not limited to email quarantines, user activity logs, failed login attempts, impossible travel and infrequent country alerts, terminated user activity, elevated privileges, malware campaigns, unusual file activity or external file sharing, NPI shared via email and/or stored in the cloud, email forwarding rules, unusual mail volume/trends, security incident details, and/or emerging threats. It is vital to drill into the detail to understand trends and identify, investigate, resolve any suspicious or unusual activity, opportunities to improve work processes, and/or gaps in the security program. Document any findings and review them with the Information Security Engineer.

• Analyze, research, and organize results of vulnerability scans and penetration tests. Enter vulnerability remediation tasks and prepare remediation matrices. Clearly present details of the vulnerability or threat including impact, exposure, and detailed remediation or mitigation steps.

• Continually research cyber security threats and hacker activity and document details of the threat, impact, exposure, and recommend mitigation strategy.

Additional Responsibilities:

• Perform analysis to determine the effectiveness of current security controls to identify gaps and make recommendations for improvement or tuning.

• Understand business processes and authorized behavior to be able to recognize anomalies. Investigate anomalies as warranted.

• Coordinate InfoSec projects; research, schedule meetings, create meeting notes, track tasks, create documentation, etc.

• Respond to incoming requests from internal customers.

• Collaborate with Shared Services IT, application and database teams, and end users, as required.

• Coordinate sending and receiving of Third Party Security Risk Assessment questionnaires. Format and prepare for upload to BI dashboard.

• Assist with data collection, analysis, and presentation preparation of Information Security related metrics.

• Assist in developing security awareness training content, configuring simulated phishing exercises, verifying test results , compiling reports.

• Research and stay current with emerging technology, best practice, and industry security standards.

• Assists in compiling internal and external audit evidence, as requested.

• Performs other duties as assigned.

• Conforms with all corporate policies and procedures.

What you need:

• Bachelor's Degree; Computer science, engineering, or technology related discipline preferred.
• 4-7 years Hands on experience in a relevant field preferred. Would consider less experience with relevant education/certifications
• GSEC, GISF, Security + Preferred

Salary Range: $70000-$136,000

The final salary to be paid and position within the internal salary range is reflective of the employee's work experience, their geographic location, education, certification(s), scope and responsibilities in the role, and additional qualifications.

Benefits:

We believe strongly that talented people are core to our success and are attracted to companies that provide competitive pay, comprehensive benefits packages, career advancement and challenging work opportunities. We offer a Comprehensive Benefits Plan for full time employees that include the following:

• Medical and Prescription Drug Benefit

• Dental Benefit

• Vision Benefit

• Life Insurance and Disability Benefits

• 401(k) Profit Sharing and Investment Plan (Includes annual Company financial contribution and discretionary Profit Sharing contribution based upon annual company financial results)

• Health Savings Account (HSA)

• Flexible Spending Accounts

• Tuition Assistance, Training, and Professional Designations

• Company-Paid Family Leave

• Adoption/Surrogacy Assistance Benefit

• Voluntary Benefits - Group Accident Insurance, Hospital Indemnity, Critical Illness, Legal, ID Theft Protection, Pet Insurance

• Student Loan Refinancing Services

• Care.com Membership with Back-up Care, Senior Solutions

• Business Travel Accident Insurance

• Matching Gifts program

• Paid Volunteer Day

• Employee Referral Award Program

• Wellness programs

Additional Information:

This position is a full time salaried, exempt (non overtime eligible) position.

Utica National is an Equal Opportunity Employer.

Apply now and find out what it's like to be a part of an amazing team, thrive in an exciting environment and work for a company you can be proud of. Once you complete your application, you can monitor your status in the hiring process by logging into your profile. A representative from our Talent Acquisition team will be in touch regarding any change in your candidacy.

#LI-MR1