Coterie is hiring for a Senior Information Security Analyst to help design, build, and operationalize several areas of security, risk, and compliance. In this role, you will pair with our Chief Information Security Officer and other members of the Coterie team to assess current state, recommend security controls based on the NIST Cybersecurity Framework, assist teams in the implementation of those controls, and then track those controls to ensure they are operating effectively, automating that collection whenever possible. In this role, you will also be key in designing and building a robust, risk-based Third Party Security program. If you are passionate about risk reduction and having the ability to influence and build a risk and compliance program, this is the right role for you!
- Passionate about Risk-Based Cybersecurity programs and enabling the business to operate in a secure and compliant manner.
- Contribute to Coterie’s cybersecurity strategy and plan.
- Execute risk assessments including scoping, threat and risk scenario identification, and all aspects of the risk assessment process. Identify areas of opportunity to reduce residual risk to a level consistent with risk appetite, and collaborate with CISO and other security team members to build out the security capability road map.
- Consult on projects and make security control recommendations and assist teams in control design, implementation and tracking.
- Strong desire to drive efficiencies, make risk-based decisions, implement automation, and recommend and track meaningful KPIs and KRIs.
- Development and administration of Coterie’s Information Security Program documents including policies, standards and controls library.
- Contribute to the design and building of a comprehensive third party risk management program.
- Work collaboratively and help build a strong cybersecurity team.
- Passion for Information Security and Risk Management.
- 3+ years of experience in Information Security and/or Risk and Compliance.
- Experience in identifying risk, and then designing and implementing security capabilities to address those risks.
- Experience in designing controls (capabilities) and measures to determine if controls are operating effectively.
- Experience with security frameworks such as the NIST Cybersecurity Framework.
- Strong written and verbal communication skills including the ability to translate technical topics to non-technical audiences.
- Ability to prioritize and manage various project and operational deliverables.
- Willing to be flexible to support the team as needed.
- Experience managing security projects including timelines and deliverables.
- Experience with compliance regulations (examples include PCI, HIPAA, NY DFS Regulation 500, NAIC model laws, privacy).
- Experience with an Integrated Risk Management technology (also known as a GRC platform).
- Experience working within or building a third party risk management program.
- Certifications such as CISSP, GIAC certifications, Security+ or other related/relevant certifications.
- Health insurance through Aetna (we pay 100% of premiums)
- Dental (Guardian Dental) and vision insurance (Guardian+VSP) (we pay 100% but there are limits)
- Unlimited PTO. We expect you to take at least 80 hours during the year not including most bank/federal holidays. We also encourage the celebration of personal holidays and important family events.
- Basic Life Insurance
- Flexible Spending Account (FSA)
- Continuing Education Stipend
- 100% Remote
- A culture with a deep belief in intentionality, inclusion, and treating you like the professional you are.
Our HQ is in Montgomery, Ohio, but we operate as a 100% digital business, which makes it easy to work remotely as your role allows.