Employer: Aflac

Job Summary

  • Supports management to help ensure compliance objectives are met in the Global Security Division.
  • Works closely with the business to understand activities and to advise on whether those activities meet Global Security policies and standards.
  • Collaborates with the business and other Global Security stakeholders to evaluate the risk, work through mitigation strategies and follow governing processes through proper channels of awareness and/or approval.
  • Supports the creation and maintenance of governing documents.
  • Creates documentation of Global Security’s risk landscape and performs detailed review of Analyst-level testing and documentation prior to submission.
  • Identifies remediation plans and follows through to completion. Assures regulatory requirements are met.

Principal Duties & Responsibilities

  • Supports the development and adoption of up-to-date information security policies, standards and procedures aligned with regulatory requirements and best practices across all Aflac subsidiaries and companies.
  • Researches, plans, implements, and monitors compliance systems and initiatives and helps oversee the protection of organizational assets.
  • Helps in researching and interpreting regulations and laws to establish compliance standards, and may develop and/or deliver training and communications/change management relative to new standards.
  • Assesses organizational systems to determine gaps in compliance and identify opportunities for remediation and planned sustainment.
  • Assists in investigating violations of compliance policy, laws, regulations, etc., or conducts ongoing monitoring and reporting to ensure remediation.
  • Responsible for project management relative to new compliance initiatives, products, or annual processes; may conduct assessments and report on control efficacy, suggest/implement treatment and remediation approaches, and suggest compensating approaches.
  • Supports, manages, and ensures adequate coverage of corporate information security policies with respect to information security legal requirements, regulatory mandates, and related industry benchmarks.
  • Supports information security related exams, audits, customer requests, and business line needs.
  • Supports the creation and ongoing maintenance of a Global Risk Assessment as required by FFIEC and NY DFS; understands and contributes to the inventory of risk register tracking, scoring and associated risk statements. Supports reporting of Global Security risk through US and Global Risk Committees.
  • Conducts compliance and policy/standards risk assessments; requests and analyzes documentation necessary to perform appropriate assessment
  • Documents risk exceptions, risk acceptances or informational updates as required, tracks for appropriate remediation plan and to closure and provides clear and concise risk assessment results
  • Develops and maintains regional and global policy exceptions, risk acceptance and policy violation processes
  • Provides evidence and coordinates responses for audits, regulatory reviews and controls testing
  • Reviews Analyst-level staff responses to security questionnaires in support of regulatory reviews, sales cycles and other inquiries.
  • Ensures issues identified by internal or external audits, compliance assessments, operational testing, or other methods are remediated, appropriately tested and tracked to resolution. Assists in presenting non-remediated issues at appropriate committee levels commensurate with risk.
  • Performs operational control testing for the department, documenting and remediating issues. Responsible for operationalizing test scripts for assigned controls as part of the Control Assurance Program (CAP)
  • Performs other duties as required

Education & Experience Required

  • Minimum required: Bachelor’s degree in Computer Science, Information Systems, Information Security, Risk Management or any policy- or legal-related field. Preferred certification: CISA, CISM, CISSP.
  • Minimum required: six or more years of relevant work experience in IT Compliance, Risk Management or a related field.

Or an equivalent combination of education and experience.

Job Knowledge & Skills

  • Knowledge of information security policies and principles of information handling and protection
  • Strong working knowledge of applicable laws, regulations and industry standards related to compliance and risk management, including guidance documents and enforcement history affecting the life sciences and/or healthcare industries, strongly preferred. Examples include subject matter expertise in, and driving enhancements for, one or more information security compliance authoritative sources (Gramm-Leach-Bliley Act, FFIEC IT Handbooks, HIPAA, Sarbanes-Oxley (SOX), etc.).
  • Understanding of the regulatory landscape and changes affecting the Global Security program
  • Understanding of risk management methodology identifying: threat, vulnerability, likelihood, impact, and security controls and counter-measures
  • Ability to prepare and present situational updates to varying levels of leadership and varying technical experience
  • Knowledge of developing and consistently reporting against metrics to identify and measure process outputs and process maturity
  • Acting with Integrity
  • Communicating Effectively
  • Pursuing Self-Development
  • Serving Customers
  • Supporting Change
  • Supporting Organizational Goals
  • Working with Diverse Populations