Description: Information Security Program Analyst
Reports to: Information Security Program Manager
Location: Carmel, IN
About Protective Insurance
Protective Insurance specializes in marketing and underwriting insurance for the transportation industry. Backed by our successful history and financial strength, we offer diverse, innovative products in the property and casualty insurance market.
Support the Director of Information Security and Information Security Program Manager in developing, implementing and maintaining policies, standards and procedures to control and manage information assets to meet company and regulatory requirements.
Analyze and evaluate information security programs and procedures to protect corporate information systems assets from intentional or inadvertent modification, disclosure, or destruction.
Monitor effectiveness of existing security controls through reported metrics, audit findings, etc.
Document and maintain information security programs and procedures to protect all information systems data, including mainframe, networks, and software applications.
Assist in creating and enforcing security standards, policies and procedures.
Research and maintain current knowledge regarding information security issues, trends, solutions and potential implications.
Review, research, manage and report on information security policy and standard exceptions.
Perform risk assessments of business processes, systems and applications.
Maintain a schedule of classified data locations.
Analyze and evaluate the design and operating effectiveness of information technology and security controls that are in place. Manage and follow up on action plans to close existing gaps.
Evaluate current security practices against regulatory and industry benchmarks.
Perform vendor security assessments and assess a residual risk rating for the vendor based upon their control environment.
Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize risk to the company.
Assist with the education of staff about the requirements of information security and the efforts to improve information security awareness.
Self-starter with ability to manage time effectively and work independently.
Strong time management and planning capabilities.
Ability to engage in consultative dialogue with stakeholders, strong aptitude in listening and problem solving, with focus on implementation and operations.
Exceptionally detail-oriented and well-organized.
Strong relationship-building and relationship management skills.
Demonstrates excellent professional presence and business acumen.
Goal-oriented with high standards for quality and performance.
Strong research, analytical, and problem-solving skills.
Bachelor's degree or equivalent work experience desired, preferably 2-4 years in IT Operations, Information Security, Audit or Risk Management.
Excellent writing skills with experience drafting procedural-level documents.
Professional certification (CISSP, CISA, CRISC, Security+) or a reasonable expectation to obtain the certification.
Baldwin & Lyons, Inc.