Employer: Aflac
Job Summary
- Supports management to help ensure compliance objectives are met in the Global Security Division.
- Works closely with the business to understand activities and to advise on whether those activities meet Global Security policies and standards.
- Collaborates with the business and other Global Security stakeholders to evaluate the risk, work through mitigation strategies and follow governing processes through proper channels of awareness and/or approval.
- Supports the creation and maintenance of governing documents.
- Creates documentation of Global Security’s risk landscape and performs detailed review of Analyst-level testing and documentation prior to submission.
- Identifies remediation plans and follows through to completion. Assures regulatory requirements are met.
Principal Duties & Responsibilities
- Supports the development and adoption of up-to-date information security policies, standards and procedures with regulatory requirements and best practices across all Aflac subsidiaries and companies
- Researches, plans, implements, and monitors compliance systems and initiatives and helps oversee the protection of organizational assets
- Helps in researching and interpreting regulations and laws to establish compliance standards, and may develop and/or deliver training and communications/change management relative to new standards
- Assesses organizational systems to determine gaps in compliance and determine opportunities for remediation and planned sustainment
- Assists in investigating violations of compliance policy, laws, regulations, etc., or conducts ongoing monitoring and reporting to ensure remediation
- Responsible for project management relative to new compliance initiatives, products, or annual processes and may conduct assessments and report on control efficacy, suggest/implement treatment and remediation approaches as well as suggest compensating approaches
- Supports, manages, and ensures adequate coverage of corporate information security policies with information security legal requirements, regulatory mandates, and related industry benchmarks
- Supports information security-related exams, audits, customer requests, and business line needs
- Supports the creation and continuous currency of a Global Risk Assessment as required by FFIEC and NY DFS; understands and contributes to inventory of risk register tracking, scoring and associated risk statements. Supports reporting of Global Security risk through US and Global Risk Committees
- Conducts compliance and policy/standards risk assessments; requests and analyzes documentation necessary to perform appropriate assessment
- Documents risk exceptions, risk acceptances or informational updates as required, tracks for appropriate remediation plan and to closure and provides clear and concise risk assessment results
- Develops and maintains regional and global policy exceptions, risk acceptance and policy violation processes
- Provides evidence and coordinates responses for audits, regulatory reviews and controls testing
- Reviews Analyst-level staff responses to security questionnaires in support of regulatory reviews, sales cycles and other inquiries
- Ensures issues identified by internal or external audits, compliance assessments, operational testing, or other methods are remediated, appropriately tested and tracked to resolution. Assists in presenting non-remediated issues at appropriate committee levels commensurate with risk
- Performs operational control testing for the department, documenting and remediating issues. Responsible for operationalizing test scripts for assigned controls as part of the Control Assurance Program (CAP)
- Performs other duties as required
Education & Experience Required
- Minimum Required: Bachelor’s degree in Computer Science, Information Systems, Information Security, Risk Management or any policy- or legal-related field. Preferred Certification: CISA, CISM, CISSP
- Minimum Required: Six or more years of relevant work experience in IT Compliance, Risk Management or other related fields, or an equivalent combination of education and experience.
Job Knowledge & Skills
- Knowledge of information security policies and principles of information handling and protection
- Strong working knowledge of applicable laws, regulations and industry standards related to compliance and risk management, including guidance documents and enforcement history affecting the life sciences and/or healthcare industries, strongly preferred. Examples include subject matter expertise in, and driving enhancements for, one or more information security compliance authoritative sources (Gramm-Leach-Bliley Act, FFIEC IT Handbooks, HIPAA, Sarbanes-Oxley (SOX), etc.).
- Understanding of the regulatory landscape and changes affecting the Global Security program
- Understanding of risk management methodology for identifying threat, vulnerability, likelihood, impact, and security controls and countermeasures
- Ability to prepare and present situational updates to varying levels of leadership and varying technical experience
- Knowledge of developing and consistently reporting against metrics to identify and measure process outputs and process maturity
Competencies
- Acting with Integrity
- Communicating Effectively
- Pursuing Self-Development
- Serving Customers
- Supporting Change
- Supporting Organizational Goals
- Working with Diverse Populations