IT Security Risk Analyst
About CCC
At CCC, it’s all about connectivity. We are a provider of innovative cloud, mobile, telematics, hyperscale technologies and services for the automotive, insurance, and collision repair industries. Our solutions and big data insights are delivered through our CCC ONE™ platform, which connects 350+ insurance companies, 24,000+ repair facilities, original equipment manufacturers, hundreds of parts suppliers, and dozens of third-party data and service providers. Our platform, carwise.com, provides access to car-related services for millions of consumers. Auto Injury Solutions Inc., also a CCC company, provides casualty solutions to auto insurers for the handling of first and third-party claims. In short, our collective set of solutions makes connected car, vehicle, and accident data actionable, informing decision-making, enhancing productivity, and helping customers deliver faster and better experiences for end consumers.
Job Description Summary
As an IT Security Risk Analyst, you will support the development of a comprehensive information security risk management program aligning with ISO/IEC frameworks and perform information security risk assessments across the CCCIS technology spectrum.
Job Duties
- Perform information security risk and compliance assessments for new software or services.
- Participate in SOC 2 compliance activities; answer customer security inquiries; use your skills and experience to identify administrative, technical, and physical security controls to mitigate risk; and help move the organization toward ISO/IEC 27001 certification.
- Collaborate with IT architecture and operations, software product development, business units, internal controls, and others to identify risks and recommend secure solutions.
Qualifications
- Four years of experience working with and interpreting regulatory controls or laws impacting information systems technology and/or information system risk assessment as it relates to compliance and security best practices
- Familiarity with cybersecurity standards and frameworks such as ISO/IEC 27001/ISO 27002 or NIST, and understanding of laws and regulations associated with information security and privacy such as HIPAA, CCPA, GDPR, PCI, etc.
- Ability to communicate effectively with both technical and non-technical audiences at various levels within the organization
- Analysis, decision-making, problem-solving, and customer service skills
- Strong writing and presentation skills
- A broad understanding of information technology and related security controls
- Ability to work independently and within a team environment
- Keen attention to detail
Preferred Qualifications
- Bachelor’s degree in Computer Science, Engineering, Computer/Information Technology, Accounting or Information Systems Audit and Control, or Information Security
- In lieu of a degree, a combination of relevant experience in system architecture, application development, systems administration or certification or progress toward a designation in information security, risk, or compliance (e.g., CISSP, CISA, CISM, CRISC, GIAC, CIPP/IT) may be substituted
- Project management experience