Hybrid Information Security Analyst
Santa Ana, California
Company Summary
Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for seven consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.
Information Security Analyst
Responsible for performing information security and business continuity risk assessments on third-party service providers (vendors) and monitoring and reporting on the remediation of deficiencies.
- Completes comprehensive information security risk assessments on potential and existing third-party service provider relationships.
- Evaluates third-party service provider engagements to assess, identify, and articulate areas of risk.
- Acts as a liaison between business owners and third-party service providers to complete risk assessment activities and to establish and track acceptable risk mitigation actions.
- Participates in identifying process requirements and for specific business needs.
- Creates and generates reports; researches and analyzes data and reports trends to management/business partners.
- Keeps abreast of industry and third-party risk security management practices and advancements and incorporates that knowledge into daily work activities.
- Coordinates, monitors or otherwise performs periodic vendor performance reviews for adherence to contractual SLAs.
- Identifies/receives problems, researches alternatives, prepares presentations, drives resolutions, gains consensus, and implements solutions for defined business processes.
- Under general supervision, oversees small to medium scale projects or phases of a larger project.
- Maintains strict confidentiality in all matters dealing with information security matters deemed confidential by management.
- Works on problems of moderate scope where analysis of situations and information requires a review of a variety of factors and considerations.
- Exercises judgment within defined procedures and practices to determine appropriate action.
- Follows department processes and procedures and may make recommendations to these processes.
- Achieves set objectives.
- Errors may cause potential third-party information security risk to the organization.
Supervision Received or Extended
- Works under general supervision of management.
- Actively contributes to the results of a team and works towards achieving team goals and objectives.
- Uses expertise of more senior level department members and leverages additional resources to achieve goals and objectives.
- No responsibility for the supervision of others.
Knowledge and Skills/Technology Used
- Must have working knowledge of compliance regulations (GLBA, FFIEC, GDPR, CCPA, SOX, HIPAA, OCC), and Information Security governance standards and control frameworks; strong analysis, independent decision making skills and ability to work effectively with all levels of the organization.
- Generally requires a BS Degree in Computer Science, Information Technology, or equivalent work experience.
Typical Range of Experience
- Must have a minimum of 3 years of information security experience.
- Must have 2+ years of experience performing third-party information security risk assessments or audits.
- Experience in defining third-party risk management strategy and implementing frameworks.
- Experience in developing audit and risk assessment reports.
- Experience in managing vendor relationships.
License or Certification
- Certification: CTPRP, CTPRA, or CISSP preferred
Pay Range: $69,900 – $97,100 annually
This hiring range is a good faith and reasonable estimate of the salary range of possible compensation at the time of the posting, and is subject to change. The actual compensation offered will be determined by various factors, which may include a candidate’s education, training, experience, and geographic location.
First American invests in its employees' development and well-being, empowers them to provide superior customer service and encourages them to serve the communities where they live and work. First American is committed to diversity and inclusion. We are an equal opportunity employer.
Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.