IT Security Specialist (GRC) at Clearcover
Clearcover is the smarter car insurance company. We use powerful technology to offer everyday drivers better coverage for less money. We’re proud to be one of the fastest growing startups in Chicago, and we’re currently looking to add a few more extraordinary people to our team.
What is an IT Security Specialist (GRC)?
The IT Security Specialist - Governance, Risk, Compliance (GRC) will lead IT GRC activities at Clearcover and partner with the Legal and Compliance teams on a regular basis. The role will provide oversight, governance, and guidance to ensure the company's operations are conducted according to company security policies and controls as well as legal and regulatory requirements. The IT Security Specialist (GRC) will have ownership of IT risk management and be a key driver of compliance.
What will you do?
- Work with the security leadership to establish policies, governance and other security protocols.
- Create a security-first culture by developing security awareness programs and driving their adoption across the organization.
- Conduct internal audits and control assessments.
- Conduct risk assessments of third-party vendors.
- Design and build metrics and dashboards to track audit results, vulnerabilities, and risks.
- Stay current on changes in legislation, accreditation standards, and threats that affect information security.
- Assist in developing a full GRC program to protect our business, including current situation assessment, proposed future state, and multi-year deployment roadmap.
- Act as a trusted advisor for security-related questions and concerns.
What do you need?
- 3+ years of experience working in IT Governance, Risk, Compliance, or Audit
- Solid understanding of industry regulations, standards, and frameworks:
  - NIST 800-53
  - NIST CSF
  - NIST RMF
  - ISO 27001
  - CIS Controls & Benchmarks
  - Sarbanes-Oxley
  - SOC 2
- Familiarity with implementing GRC for public market companies (Sarbanes-Oxley)
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Experience with evaluating and designing people processes and procedures to reduce cybersecurity risks.
- Experience with evaluating the effectiveness and use of both technical and non-technical security and IT controls.
- Strong oral, written, reporting and presentation skills.
Nice to haves?
- Insurance industry experience.
- Experience working for a cloud-native company.
- Experience with implementing GRC tools.
- Working knowledge of IT infrastructure, including, but not limited to, operating systems, networking, storage, communication protocols, and vulnerability management.
What's in it for you?
- Unlimited PTO, we hire adults
- Equity for all employees, so you own a piece of the pie too
- Dental and Vision, we've got you covered 100%
- Medical, we cover the vast majority of your premiums to make the cost of you and your family's coverage affordable. Plus, we contribute to your HSA and HRA (cha-ching)
- We invest in your future by contributing 3% of your salary to a 401(K), even if you don't
- Come to work pre-taxed through our FSA commuter benefits
- and yes, we have unlimited LaCroix, beer, snacks and the occasional ice cream social (for once we’re back in the office)
Clearcover is an Equal Opportunity Employer (EOE) that welcomes and encourages all applicants to apply regardless of age, race, color, religion, sex, sexual orientation, gender identity and/or expression, national origin, disability, veteran status, marital or parental status, ancestry, citizenship status, pregnancy or other reasons prohibited by law.