About CCC

At CCC, it’s all about connectivity we are a provider of innovative cloud, mobile, telematics, hyperscale technologies and services for the automotive, insurance, and collision repair industries. Our solutions and big data insights are delivered through our CCC ONE™ platform, which connects 350+ insurance companies, 24,000+ repair facilities, original equipment manufacturers, hundreds of parts suppliers, and dozens of third-party data and service providers. Our platform, carwise.com , provides access to car-related services for millions of consumers. Auto Injury Solutions Inc., also a CCC company, provides casualty solutions to auto insurers for the handling of first and third-party claims. In short, our collective set of solutions make connected car, vehicle, and accident data actionable, informing decision-making, enhancing productivity, and helping customers deliver faster and better experiences for end consumers.

Job Description Summary

As an IT Security Risk Analyst, you will support the development of a comprehensive information security risk management program aligning with ISO/IEC frameworks and perform information security risk assessments across the CCCIS technology spectrum.

Job Duties

• Perform information security risk and compliance assessments for new software or services.
• Participate in SOC 2 compliance activities; answer customer security inquiries; use your skills and experience to identify administrative, technical, and physical security controls to mitigate risk; and help move the organization toward ISO/IEC 27001 certification.
• Collaborate with IT architecture and operations, software product development, business units, internal controls, and others to identify risks and recommend secure solutions.

Qualifications

• Four years of experience working with and interpreting regulatory controls or laws impacting information systems technology and/or information system risk assessment as it relates to compliance and security best practices
• Familiarity of cybersecurity standards and frameworks such as ISO/IEC 27001/ISO 27002 or NIST, and understanding of laws and regulations associated with information security and privacy such as HIPAA, CCPA, GDPR, PCI, etc.
• Ability to communicate effectively with both technical and non-technical audiences at various levels within the organization
• Analysis, decision making, problem solving and customer service skills
• Strong writing and presentation skills
• A broad understanding of information technology and related security controls
• Ability to work independently and within a team environment
• Keen attention to detail

Preferred Qualifications

• Bachelor’s degree in Computer Science, Engineering, Computer/Information Technology, Accounting or Information Systems Audit and Control, or Information Security
• In lieu of degree, a combination of relevant experience in system architecture, application development, systems administration or certification or progress toward a designation in information security, risk, or compliance (e.g., CISSP, CISA, CISM, CRISC, GIAC, CIPP/IT) may be substituted
• Project management experience