The security compliance analyst will serve as a resource for security- and compliance-related tasks and projects. This role will develop, support and execute processes that enforce Assurant security policies and standards, regulatory requirements, contractual agreements/obligations and any other IT-related security compliance or privacy requirements.
Primary Job Responsibilities
70% - Compliance Support
- Conduct regular assessments to ensure compliance with cybersecurity regulations, standards, and industry best practices.
- Support the development of policies, procedures, and controls to address cybersecurity compliance requirements.
- Coordinate and participate in internal and external audits related to IT security compliance.
- Identify and assess risks to information assets and recommend mitigation strategies to address compliance gaps.
- Collaborate with IT and business stakeholders to implement security controls and remediate compliance issues.
- Monitor changes in regulations and standards to ensure ongoing compliance and recommend updates to policies and procedures as necessary.
- Prepare and maintain documentation, reports, and evidence of compliance activities for audit purposes.
- Provide guidance and training to staff on cybersecurity policies, procedures, and compliance requirements.
- Assist with incident response activities and investigations related to cybersecurity compliance issues.
30% - Support and maintain systems and processes related to security and compliance functions.
- Participate in audit activities, client audits, state DOI exams, RFP/due diligence reviews, internal audits
- Participate in all audit activities relating to SSAE-18 SOC 1 & 2 and SOX 404 IT audits ensuring work and deliverables in accordance with agreed upon timeframes and departmental procedures, standards, and protocols
- Partners cross-functionally, inter-departmentally and with the internal and external auditors to understand the process from an end-to-end perspective and appropriately and effectively communicates with these partners to understand the status for the corporation as a whole
- Ensures frequent communication of test and/or audit results and analysis on a timely basis to the appropriate stakeholders and senior management within the audit department
- Responsible for staying current on regulatory rules and changes within the industry, with specific focus on SSAE-18 SOC 1 & 2 and SOX 404, and communicating industry/professional changes/developments to the audit department
- Participates in meetings with business unit to discuss test and/or audit scoping, testing progress and results
- Educate Assurant management and staff regarding risks and controls pertaining to security-related concepts, compliance and audit requirements.
- Evaluate, test and plan implementation of new or improved controls to keep Assurant current with industry standards and compliance requirements
- Collaborate with other Assurant groups (i.e., IAS, Privacy, IT Legal) and industry groups on IT compliance-related issues and concerns
- Recognize trends in security and compliance and emerging risks; make recommendations regarding policy/procedure updates to enable a proactive security approach for Assurant
- Manage, support and maintain security and compliance systems.
Qualifications Required
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field. (Master's degree preferred)
- Minimum of 5 years of experience in IT security, compliance, or risk management roles.
- Strong knowledge of SSAE-18 SOC 1 & 2 and SOX 404, with an emphasis on testing requirements and IT auditing.
- Strong understanding of cybersecurity principles, standards, and frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, GDPR, HIPAA).
- Experience with conducting risk assessments, gap analyses, and compliance audits.
- Familiarity with regulatory requirements such as SOX, PCI DSS, and industry-specific regulations.
- Excellent analytical and problem-solving skills, with the ability to assess complex IT environments and identify compliance issues.
- Strong communication skills, with the ability to effectively communicate technical information to both technical and non-technical stakeholders.
- Ability to work independently and collaboratively in a fast-paced environment.
- Relevant certifications such as CISSP, CISA, CISM, CRISC, or equivalent are preferred.
At Assurant, we celebrate the differences that make us who we are. By assembling extraordinary teams from a variety of races, religions, sexual orientations, gender identities, ages, experiences, and abilities, we’re able to better reflect the global communities where we live and work. By working to remove barriers, we ensure equity for everyone. The pursuit of inclusion rests with each of us. Because it’s only by listening to and representing the unique voices of every individual that we can innovate for all.
For further information about Assurant, please visit our website: https://www.assurant.com/