FNF is seeking a Cyber Policy Analyst to join its Information Security Office (ISO) in its Jacksonville, FL office (remote option is available). This position will report to the Senior Manager - Governance and will be responsible for monitoring compliance with FNF information security policy and analyzing exceptions to policy for compensating controls. The position will contribute to policy and standard updates and reviews.
An ideal candidate will have a broad background in security concepts and technologies.
• Work with technology and business partners on their requirements and provide insight, interpretation and guidance on information security policies and standards. Also, maintain strong understanding of inherent and residual risk along with information security controls.
• Analyze policy exceptions to determine risk and impact to the company and communicate the resulting information in both written and verbal formats to stakeholders.
• Act as a subject matter expert in governance, risk and compliance systems to document and record risks and decisioning to provide a holistic risk perspective.
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.
• Act as an information security policy subject matter expert (SME) for reviewing, analyzing, and recommending changes to existing agency information security policies based on trends, industry standards, and best practices. Act as the primary point of contact (POC) for policy analysis and facilitate policy discussions with ISO and related stakeholders as needed.
• Develop strategies for recognizing security governance needs and embedding them into our company processes and procedures.
• Partner with business stakeholders to educate our staff and evangelize security policies, standards and principles at all levels of the organization.
• Interface with our clients to identify the security controls needed to protect their valuable data, and create strategies for implementing or maintaining these controls in our environments.
• Document and support knowledge transfer to ISO community for policy-related lessons learned, best practices, standards, and requirements.
• Research best practices, identify gaps and areas for improvement, and develop and maintain the information security policies.
• Maintain the GRC solution with updates to the information security policies and standards.
• Maintain strong knowledge of security-related regulations and standards (e.g. HIPAA, NYDFS, PCI DSS, and NIST) and security control structures (e.g. ISO 27001/27002).
• 4-year degree in information security, IT or related field
• Broad understanding of overall information security concepts and technologies
• Bachelor’s degree and 2 years of relevant work experience or a comparable combination of education, training, and experience.
• Minimum of 2 years of demonstrated experience in one or more of the following:
o Regulatory compliance
o Policy development
o Risk assessment or information technology audit
o Technical writing and documentation, including writing for a less technical audience
• Strong analytical and problem-solving skills.
• Excellent communication (oral, written, presentation), interpersonal, and consultative skills.