IPH
Established in 2021, Independence Pet Holdings is a corporate holding company that manages a diverse and broad portfolio of modern pet health brands and services, including insurance, pet education, lost recovery services, and more throughout North America.
We believe pet insurance is more than a financial product and build solutions to simplify the pet parenting journey and help improve the well-being of pets. As a leading authority in the pet category, we operate with a full stack of resources, capital, and services to support pet parents. Our multi-brand and omni-channel approach includes our own insurance carrier, insurance brands and partner brands.
The Information Security team at Pets Best is seeking an experienced Information Security Risk and Compliance Analyst to join our team. The Information Security Risk and Compliance Analyst will play a crucial role in assessing and driving our company’s cybersecurity compliance and overall posture. You will address a range of compliance and regulatory requirements, from SOC 2, SOX, PCI, CCPA, NIST, and ISO for infrastructure, cloud, and network security to application and endpoint protection.
The ideal candidate will specialize in analysis and reporting of compliance requirements, infrastructure risks, and mitigating controls to guide our engineers to reduce risk while driving business forward. This role requires knowledge of Secure Software Development Lifecycle (SSDLC), OWASP, Risk Assessment and Auditing, and Project Management. The Analyst role will support secure integration of new systems while collaborating with cross-functional teams to integrate security into all stages of system implementations and management.
The Information Security Risk and Compliance Analyst will work closely with the Security Engineer, IT and Infrastructure teams, Marketing, and Procurement to assess use and movement of data, third-party relationships, control implementation, testing, and reporting.
Location: Remote (US) excluding MA, CA, WA, HI, AK, CO, CT, MT, NY, NJ
Main Responsibilities:
- Develop, implement, and mature security risk management framework, including risk methodology, analysis, and reporting
- Build relationships with internal and external business partners to leverage key business metrics and business impacts in our risk analysis, remediation, and mitigation
- Identify evolving risk scenarios for analysis
- Communicate cyber risk to stakeholders in a timely fashion to inform decision making while managing project timelines and reporting
- Gather, analyze, and report status and metrics on risks
- Develop and mature risk register, management dashboards, and reports to inform risk prioritization, risk remediation, and cyber leadership decision making
- Orchestrate security posture analysis and reporting on all new infrastructure deployments
- Educate, influence and work with technology and platform owners to implement necessary controls and best practices related to identified risks
- Process and escalate security exceptions while assessing risks, mitigating controls, and monitoring strategies for management and business units
- Appropriately assess risk when business and technical decisions are made, demonstrating a security and data privacy mindset
- Develop and implement security training
- Develop security policies, standards, and processes
- Implement and manage third-party security and risk assessment and management processes
Qualifications:
- 5+ years of experience in Security and Risk Analysis
- 5+ years of Security and Compliance Implementation and Project Management
- Bachelor’s Degree in Cyber Security, Computer Science, or related area of study
- Certification such as CISA, CRISC, CGRC
- Strong knowledge of security and compliance frameworks such as NIST, CIS, SOC2, and PCI
- Excellent ability to plan, prioritize, and deliver results cross-functionally while managing project timelines and reporting
- Proficiency discussing complex security and risk topics with technical & non-technical audiences alike (software engineering teams, marketing, procurement, legal and external partners)
- Skilled in analyzing problems, identifying root causes, and providing solutions. Experience with data analysis and reporting tools
- Experience with cyber risk quantification
- Knowledge of secure software development practices, OWASP Top 10, and vulnerability management with expertise in risk identification in solution architecture and design
- Expertise in monitoring and reporting on the effectiveness of risk management initiatives.
All of our jobs come with great benefits including healthcare, parental leave and opportunities for career advancements. Some offerings are dependent upon the location of where you work and can include the following:
- Comprehensive full medical, dental and vision Insurance
- Basic Life Insurance at no cost to the employee
- Company paid short-term and long-term disability
- 12 weeks of 100% paid Parental Leave
- Health Savings Account (HSA)
- Flexible Spending Accounts (FSA)
- Retirement savings plan
- Personal Paid Time Off
- Paid holidays and company-wide Wellness Day off
- Paid time off to volunteer at nonprofit organizations
- Pet friendly office environment
- Commuter Benefits
- Group Pet Insurance
- On the job training and skills development
- Employee Assistance Program (EAP)