Information Security Analyst

Job Description

We are Farmers! 
Join a team of diverse professionals at Farmers to acquire skills on the job and apply your learned knowledge to future roles at Farmers. Farmers Insurance also offers extensive training opportunities through the award winning University of Farmers named by Training magazine amongst top 10 corporate training units in the world. Start your career at Farmers today! 
Job Summary 
The Information Security Analyst will perform third party vendor security risk assessments, wherein they will analyze the security posture of our vendor relationships to ensure they align with Farmers security controls. Analysts will be introduced to a risk-based methodology that will enable them to identify a broad range of cybersecurity and data privacy risks among the organization's suppliers and vendors. Analysts will develop skills to identify and advise on security countermeasures and controls; learn best practices; learn to perform complex security risk assessments; build knowledge of corporate security policies; and learn to recognize security violations. Analysts will play a critical role in managing Farmers data security risks.  
Essential Job Functions  
  • Manage the end-to-end lifecycle for a portfolio of vendor security risk assessments, each with different priorities, requirements, start dates, and deadlines.
  • Lead interviews with vendor representatives and Farmers stakeholders in order to validate the scope of the vendor's services and the impact on the security and privacy of Farmers' data.
  • Demonstrate flexibility by employing adaptive lines of inquiry during interviews in order to capture the nuance and unique characteristics of each vendor relationship.
  • For each assessment, review a wide range of vendor questionnaire responses, scrutinize findings and gaps, and summarize the overall risk of the vendor engagement.
  • Develop competencies to identify security risks across various security domains, such as cybersecurity, application security, physical security, secure software development lifecycle, cryptography, access controls, network security, governance, and compliance.
  • Generate conclusion reports for each assessment, complete with highlighted gaps, vendor remediation plans, compensating controls and overall conclusion whether or not to proceed with the engagement.
  • Throughout the lifecycle of each assessment, ensure all Farmers stakeholders, such as requestors, contract managers, and project managers, receive consistent and clear status updates.
  • Track post-assessment gap remediation by the vendor. Learn to effectively communicate data security risks to both IT and business stakeholders, in order to master tailoring messaging to both technical and non-technical audiences.
Physical Actions 
Required job duties are essentially sedentary work consisting of occasional walking, standing and lifting and/or carrying 10 lbs. maximum, and seeing.
Physical Environment 
Required job duties are normally performed in a climate controlled office environment.
Education Requirements 
University degree CISA, CISM or CISSP certifications is a plus, or some must be acquired within 12 months of hire. 
Experience Requirements 
1-3 years in IT Security/IT Operations, or equivalent positions. 
Special Skill Requirement 
Ability to operate using consulting and influencing skills, and able to communicate security-related concepts to a broad range of technical and non-technical staff. Ability to be a change agent to transform and enhance capabilities to meet current and future business drivers. Vendor technology certifications e.g. Cisco, Microsoft preferred  
Farmers is an equal opportunity employer, committed to the strength of a diverse workforce. 

Schedule: Full-time

Job Posting: 04/29/2019