Internal Auditor I
Vertafore is a leading technology company whose innovative software solution are advancing the insurance industry. Our suite of products provides solutions to our customers that help them better manage their business, boost their productivity and efficiencies, and lower costs while strengthening relationships.
Our mission is to move InsurTech forward by putting people at the heart of the industry. We are leading the way with product innovation, technology partnerships, and focusing on customer success.
Our fast-paced and collaborative environment inspires us to create, think, and challenge each other in ways that make our solutions and our teams better.
We are headquartered in Denver, Colorado, with offices across the U.S., Canada, and India.
JOB DESCRIPTION
The IRM Security Analyst provides expertise with regards to securing applications, the infrastructure, and countermeasure directions. The IRM Security Analyst will perform and operate security assessments and reports, as well as recommend solutions for securing company intellectual property, client data, and both cloud and on-premise infrastructure.
The IRM Security Analyst must use their knowledge and understanding of software language and database controls, network appliances and servers, and other technologies, involving any aspect of the company's portfolio of businesses. This position will support security risk assessments and is primarily responsible for identifying and mitigating risks in all organizational applications and infrastructure services.
Core Requirements and Responsibilities:
· Tactical Assistance
· Ensure web applications, APIs, and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC2 and other security frameworks as applicable
· Assist and support the company's information security framework, policy, procedures, standards, and guidelines to conform to all security best practices and regulatory compliance requirements
· Review IT and company controls, perform duties related to incidence response with security team members
· Work with business partners to ensure fulfillment of application security needs and ensure overall application security effectiveness
· Participate in source code reviews and provide assessments of changes to application design and architecture prior to release to production
Audits and Investigations
· Analyze security risks and recommend mitigating and compensating security controls
· Facilitate penetration testing and ethical hacking
· Assist with investigations of potential security violations and/or breaches and perform as part of company Incident Response teams
· Support security risk assessments, vulnerability assessments, ethical hacking, and technical compliance audits
Security Awareness and Training
· Perform and implement security awareness training to staff
· Help develop and deliver training around secure development lifecycle and secure coding practice
· Stay current with security posture by monitoring security events
· Assist auditors for SOC and other compliance requirements
· Edit and audit standard operating procedures as required
Knowledge, Skills and Abilities:
· Information security certifications (1 Required):
o Comptia Security+, Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), GIAC security certification, Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISP), Certified Information Systems Security Professional (CISSP)
o Information technology certifications (preferred): Microsoft, Cisco, or VMware
Qualifications:
Minimum Qualifications:
· Bachelor's degree and/or minimum of three (3) years' experience performing information security related work
· Required 3 years' experience performing security risk assessment services; vulnerability, web application, penetration testing, social engineering, and wireless services
· Experience with risk analysis and network vulnerability assessment methodologies
· Experience monitoring and analyzing infrastructure security events including events, SIEM tools, logs, and reports from intrusion prevention systems (IPS), firewalls, and other security products
· In-depth knowledge of security measures, best practices, and security technologies
· Ability to research and implement new information systems to improve or replace existing systems
· Must possess the ability to assess potential problems and make sound judgments around issues that may have an adverse effect on the business
· Skilled in handling sensitive situations
· High level of emotional intelligence
· Ability to work well under pressure
· Ability to work independently and collaboratively with others to achieve defined goals
· Excellent communication skills
· Outstanding analytical and organizational skills and attention to detail
· Ability to maintain high level of confidentiality
THE VERTAFORE STORY
Over the past 50 years, Vertafore has advanced the entire insurance distribution channel with the best software solutions in the industry. Today, we're proud to say hundreds of thousands of Vertafore users rely on our solutions to write business faster, reduce costs, and fuel growth by increasing collaboration and streamlining processes. Vertafore leads the industry with secure, cloud-based mobile products that provide superior reporting and analytics, delivering actionable insight- right when customers need it most. We partner with other leading technology companies to deliver comprehensive solutions to improve the way our customers do business and serve their customers.
The Vertafore Way
Insurance is about relationships, and technology should make those relationships stronger. That's why, at Vertafore, it's our mission to transform the way the industry operates by putting people at the heart of insurance technology. By focusing on our customers, becoming better every day, and delivering results you can see, we provide the level of trust and security that insurance is all about.
· Bias to Action: We're united by an innate drive to take action and make a difference in the technology and insurance spaces.
· Win Together: We work together as one team, showing empathy and respect along the way.
· Show Up Curious: We work to challenge one another to push boundaries and think beyond the box.
· Say It, Do It: We honor every one of our commitments because integrity is important to us.
· Customer Success is Our Success: We cultivate authentic relationships and follow up by actively listening to their needs.
· We Love Insurance: We appreciate the impact insurance has on the world.
Is this role not an exact fit for you? Keep an eye on our Careers Page for other positions!
Vertafore is a drug free workplace and conducts preemployment drug and background screenings.
The selected candidate must be legally authorized to work in the United States.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all the job responsibilities, duties, skill, or working conditions. In addition, this document does not create an employment contract, implied or otherwise, other than an "at will" relationship.
Vertafore strongly supports equal employment opportunity for all applicants regardless of race, color, religion, sex, gender identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, sexual orientation, genetic information, or any other characteristic protected by state or federal law.
We do not accept resumes from agencies, headhunters, or other suppliers who have not signed a formal agreement with us.