FBS Information Security Analyst (Remote)

FBS – Farmer Business Services is part of Farmers operations with the purpose of building a global approach to identifying, recruiting, hiring, and retaining top talent. By combining international reach with US expertise, we build diverse and high-performing teams that are equipped to thrive in today’s competitive marketplace.

We believe that the foundation of every successful business lies in having the right people with the right skills. That is where we come in—helping Farmers build a winning team that delivers consistent and sustainable results.

Since we don’t have a local legal entity, we’ve partnered with Capgemini, which acts as the Employer of Record. Capgemini is responsible for managing local payroll and benefits.

What to expect on your journey with us:

• A solid and innovative company with a strong market presence

• A dynamic, diverse, and multicultural work environment

• Leaders with deep market knowledge and strategic vision

• Continuous learning and development

Summary:

Our Information Security Analyst
Consistently applies foundational to moderately complex risk-based methodologies in order to identify, communicate and mitigate separate and distinct cybersecurity risks that may be negligible, low or medium severity. Provides sound recommendations based on best practices to data owners, users and senior leaders on security countermeasures and controls for most types of risks to systems and data. Monitors critical security tools and platforms. Independently performs a high volume of common to intermediate security risk assessments, leads response to security incidents, and recognizes and escalates security violations with a wide breadth of impact to the organization.

The EVRA team (External Vendor Risk Assessment), part of the FIS (Farmers Information Security) team performs cybersecurity assessments of the company's vendors, suppliers, and third parties. We perform about 400 assessments a year, and provide the business with recommendations based on a risk-based analysis of each supplier's respective security posture.

Responsibilities:

• Perform basic to intermediate security reviews, identify high risk gaps in security architecture, and develop security risk management plans.

• Demonstrate knowledge of related disciplines in IT and assurance.
• Identify, assess, document, and articulate emerging or complex data security and data privacy risks. Identify and articulate appropriate innovative countermeasures and controls to address data security and data privacy risks.
• Coordinate and manage the overall service provided to a customer end-to-end. Understand how the role integrates with other teams in order to interface with senior leaders of Global Shared Services teams while ensuring consistent levels of service.
• Serve as lead point of contact while performing day-to-day administration of security platforms.
• Promote security awareness by advising data owners, data custodians, and senior leadership on security best practices and security policies. Assess threats and vulnerabilities of all computer systems to develop security risk profiles and exercises strong judgement based on multiple inputs.
• Lead gathering evidence for security compliance reviews, security assessments, or cybersecurity incidents and events.
• Recognize high risk security violations and take appropriate action to report and resolve incidents.
• Conduct third party data security risk assessments, project security assessments, business risk assessments, and security testing for all types of company systems.
• Serve as primary lead for assigned security projects and initiatives by providing unique and creative perspectives to improve solutions.
• Serve as liaison between technical and non-technical departments, as well as manage relationships with vendors and contractors in a way that builds consensus.
• Participate in audits of cyber programs and projects. Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
• Demonstrate ownership of assigned audit actions or regulator requests by diligently providing responses and evidence within established timeframes.
• Identify security requirements specific to most information technology (IT) systems in all phases of the system life cycle.
• Validate data collected for security reporting. Communicate the value of information technology (IT) security throughout all levels of the organization.

Technical & Business Skills:

• CISSP, CISM, CISA, CRISC, CIPP or equivalent Certification (Desirable)
• CompTIA Security+ Certification upon hire (Preferred)
• Advanced Excel
• Microsoft 365 Suite
• Quickbase

This position comes with a competitive compensation and benefits package.

• A competitive salary and performance-based bonuses.

• Comprehensive benefits package.

• Flexible work arrangements (remote and/or office-based).

• You will also enjoy a dynamic and inclusive work culture within a globally renowned group.

• Private Health Insurance.

• Paid Time Off.

• Training & Development opportunities in partnership with renowned companies.