Enterprise Security Compliance Analyst III in WFH-North Carolina at National General Insurance

Date Posted: 9/19/2021

Job Description

Primary Purpose:

The Information Security Analyst III is a senior-level position responsible for ensuring that National General policies and processes adhere to regulatory and legal compliance standards such as PCI, SOX, HIPAA, and ISO Cybersecurity Frameworks. The Compliance Analyst will work with the other members of the team to enhance business practices and internal controls, and will perform other review-related activities to support the execution of the department's annual assessment plan.

Essential Duties and Responsibilities:

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

  • Work with Security Architects, Security Analysts, Security Administrators and other IT and business departments to enhance/develop and review procedures and controls to meet IT compliance requirements
  • Support the planning and execution of control assessments related to HIPAA, PCI, NY DFS, MARS-E and other industry/regulatory requirements as well as common security frameworks such as NIST, ISO, and HITRUST
  • Collect and document business requirements for process identification/improvement/automation efforts
  • Contribute to the development of process improvements
  • Apply knowledge of key regulations to influence assessment scope
  • Perform testing (including walkthroughs), take ownership of completing clear and well-organized assessment papers that appropriately document the work performed, use root cause analysis for problem solving, and communicate potential issues to the supervisor in a timely manner
  • Evaluate risks of key control deficiencies and effectiveness of overall control framework, and ensure management has effective and timely control remediation plans
  • Formulate appropriate conclusions regarding the adequacy of internal controls and procedures based on the assessment work performed and knowledge of company operation, draft well-written, clear and concise finding reports, and participate in presenting the findings to the Enterprise Risk & Compliance management
  • Monitor the implementation of corrective action plans with first and second lines of defense and present updates to the findings to the Enterprise Information Risk & Compliance management
  • Conduct assessments of vendors against NIST controls while documenting remediation items and working with vendors until items have reached a satisfactory level of risk

Minimum Skills and Competencies:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • 8+ years substantive experience as a Compliance Assessor or Auditor with a licensed financial institution or a regulatory compliance examiner with a federal or state financial services regulator
  • Bachelor’s degree in Computer Science or Computer Information Systems or related or equivalent experience
  • Demonstrated knowledge of HIPAA, PCI, SOX, ISO27000 and NIST Cybersecurity Frameworks
  • Excellent communication and writing skills
  • Demonstrated detail-oriented self-starter with the ability to work independently with limited supervision and limited direction, and in collaborative team environments
  • A strong ability to multi-task and manage varying priorities and projects
  • Excellent interpersonal, verbal, and written communication skills with the ability to communicate security risk and compliance related concepts to a broad range of technical and non-technical staff
  • The ability to provide support after normal business hours as needed
  • Proficient in Microsoft Office (Word, Excel, Outlook, PowerPoint)

Desired Skills:

  • CIA, CISSP, CISA, CISM, CRISC, or CGEIT certifications
  • GRC Tool, Tripwire Enterprise, Tripwire IP360, Nessus, BeyondTrust Retina, QRadar, Trustwave TrustKeeper, Proofpoint, McAfee ePO/HBSS
  • Experience with high-level programming languages (e.g. Java, C, C++, C#, Python) and web application development (JavaScript, PHP, ASP)
  • Knowledge of SQL and Oracle databases

National General Holdings Corp. is an Equal Opportunity (EO) employer – Veterans/Disabled and other protected categories. All qualified applicants will receive consideration for employment regardless of any characteristic protected by law. Candidates must possess authorization to work in the United States, as it is not our practice to sponsor individuals for work visas.

In the event you need assistance or accommodation in completing your online application, please contact NGIC main office by phone at (336) 435-2000.

About National General Holdings:

National General Holdings Corp., a member of the Allstate family of companies, is headquartered in New York City. National General traces its roots to 1939, has a financial strength rating of A– (excellent) from A.M. Best, and provides personal and commercial automobile, homeowners, umbrella, recreational vehicle, motorcycle, supplemental health, and other niche insurance products. We are a specialty personal lines insurance holding company. Through our subsidiaries, we provide a variety of insurance products, including personal and commercial automobile, homeowners, umbrella, recreational vehicle, supplemental health, lender-placed and other niche insurance products.

National General is a fast-paced, dynamic, and entrepreneurial organization. Our team members live by and exemplify what we call the 4Es. At National General, we are Energized, Engaged, Empowered, and we Execute every day in order to provide an exceptional experience for our customers! We are passionate about our organization and the value that we add every day. A successful candidate with National General will embody the 4Es. Our team is poised to outperform the competition. We are National General Insurance and with us you can be extraordinary! Come join our team!

Companies and Partners

Direct General Auto & Life, Personal Express Insurance, Century-National Insurance, ABC Insurance Agencies, NatGen Preferred, NatGen Premier, Seattle Specialty, National General Lender Services, ARS, RAC Insurance Partners, Mountain Valley Indemnity, New Jersey Skylands, Adirondack Insurance Exchange, VelaPoint, Quotit, HealthCompare, AHCP, NHIC, Healthcare Solutions Team, North Star Marketing, Euro Accident.

In addition to a phenomenal career opportunity, National General Insurance offers an excellent benefits package including:

• Paid Training
• Medical, Dental, Vision benefits
• Wellness Programs
• Life and Short/Long Term Disability Insurance
• 401k w/ Company Match
• Company Paid Holidays & Generous Time-off policy
• Employee Discount Program
• Career Advancement and Development Opportunities
• On-site Healthcare Clinic (Winston-Salem and Cleveland offices)
• On-site Fitness Center (Cleveland and Dallas offices)
• Subsidized parking (Cleveland office)
