Sr. It Risk Security Analyst

Job Description

Symetra has an exciting opportunity to join our Customer Relationship Management team as a Sr. IT Risk Security Analyst!

 

With its headquarters in Bellevue, Washington, Symetra has over 2000 employees with more than $60 Billion in assets. Established in 1957, we are well positioned to execute on our growth plans.

 

At Symetra, we're focused on building solutions which can help more people gain financial freedom. We are disrupting the Insurance industry. We won the 2021 Gartner Eye on Innovation Award for Financial Services and the 2022 Celent Model Insurer Award. We're creating new products to redefine the industry, and we invite you to join us in the adventure! This is a unique opportunity to innovate and bring dependable solutions with delightful user experiences to our customers.

 

About the role

As the Senior IT Risk and Security Analyst (RSA) you are a critical member of the Information Security Officer's (ISO's) team. You will act as an interface between IT, Audit Services and the business for overall IT risk management. You must be able to understand our current IT Control environment including IT General Controls and ISO 27001 Information Security Critical Controls while improving our risk posture. And you'll coordinate with several stakeholders including the business, audit services, and IT to manage, evaluate and remediate issue

 

What you will do

• Risk Management Liaison: Provides consulting services to the IT organization regarding risk and control on a wide range of projects and corporate initiatives. Leads risk committee activities within the Information Security Risk and Assurance Forum. Identifies risks, and where possible, design and implement controls to mitigate risks. Maintains and mature overall risk management policy and charter documentation. Supports risk management and security communication, awareness and training for audiences, which may range from senior leaders to field staff. Provides support and guidance for legal and regulatory compliance efforts, including audit support. Identifies, calculates and remediation risk across the enterprise. Keeps current and increases knowledge in the areas of IT auditing, information security, software tools, and business and company priorities. Plans and performs value-added reviews of information security, business and operational systems and IT operations. Owner of managing the risk management and control tools (currently SharePoint). Leads yearly IT risk assessment.
  
• IT Audit Consultant: Responsible to develop and maintain the IT General Controls (Sarbanes-Oxley) program’s and ISO 27001 critical security controls, which includes ensuring IT general controls are designed and operating effectively. Determines in scope IT applications and documenting reasoning of scope determination. Identifies key and sub-key controls. Oversees remediation efforts as required. Proactively evaluates and influences possible changes as needed. Has ability to analyze data and set audit scopes, select valid samples, document and analyze results. Maintains all appropriate documentation to ensure that all programs are sustainable.
  
• Operational Support: Establishes transparent and concise reporting while maintaining strong relationships with IT management, financial management, Audit Services, key auditors and internal IT clients. Provides key monthly issue reporting to executive leadership. Is able to partner and lead well across the company with IT and business partners. Provides direction and guidance to control owners/working group leads for all audit issues, including training of the SOX program and any other audit activities.
  
• Third Party Vendor Support: Provides oversight of Symetra’s third party IT service providers. Implements appropriate monitoring controls. Conducts considerable analysis to understand any third party new technology and systems to interpret risks propose and implement solutions. Conducts reviews of technical and application systems installed or being considered. Assists and guides the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.

What we offer you

Benefits and Perks

We don’t take a “one-size-fits-all” approach when it comes to our employees. Our programs are designed to make your life better—both at work and at home.

• Flexible full-time or hybrid telecommuting arrangements
• Plan for your future with our 401(k) plan and take advantage of immediate vesting and company matching up to 6%
• Paid time away including vacation and sick time, flex days and ten paid holidays
• Give back to your community and double your impact through our company matching

Want more details? Check out our Symetra Benefits Overview.

Salary Range: $73,200 - $122,000 plus eligibility for the company annual bonus program target of 5%.

 

RequirementsYour experience and skills

• 3+ years of demonstrated work experience in a related field.
• BS/BA degree in a related field and advanced level PC skills including specific technical skills detailed above.
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks [Substitute as appropriate].
• Knowledge of the following: GAAP, Sarbanes-Oxley, or COSO.
• Professional certification such as CISA, CFE, CISSP or GIAC. (Preferred)
• Excellent written and oral skills.
• Ability to communicate highly technical issues to non-technical audiences and demonstrated leaderships and supervisory skills.
• Experience working with legal, audit and compliance staff.
• In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls. Experience developing and maintaining policies, procedures, standards and guidelines.