GRC Security Analyst II, Third Party Risk

USA-Remote, United States


Hagerty

With insurance for classic cars, boats, motorcycles, and more, Hagerty was built to protect your collectibles as if they were our own. Join today!


As a GRC Security Analyst II, Third-Party Risk, you’ll be responsible for supporting the security aspects of all third-party partnerships, helping drive program visibility throughout the company. This includes managing and executing the third-party cyber risk assessment process, from initial third-party intake through tracking and remediation of technical, operational, and contractual issues resulting from partnerships. You will be required to interact with multiple departments across the company, including Hagerty’s external partners, presenting yourself as a trusted partner in Hagerty’s security department. You will also work with key stakeholders throughout the company, including Contracts, Vendor Management, Enterprise Risk, Legal, and Privacy teams to improve existing work processes related to third parties, as necessary.

Ready to get in the driver’s seat? Join us!

What you’ll do 

  • Information Security Risk Assessments of Vendors and other Third Parties. 
  • Develop and mature the cyber risk assessment process, using tooling and automation to scale the process to fit Hagerty’s current and upcoming growth. 
  • Actively integrate cyber risk management concepts and capabilities into third party-related initiatives throughout day-to-day operations. 
  • Identify and define criteria for key data attributes, and drive collection of key data attributes to operationalize the inventory of third party-related data. 
  • Proactively find upcoming security and organizational trends to improve the data attributes gathered during third party cyber risk assessments. 
  • Build out and mature processes within the third-party cyber risk management process to help reduce Hagerty’s risk surface area presented by third parties, including the capabilities to track third party risks identified during the assessment process throughout the risks’ lifecycle. 
  • Improve the consistency of operations through the creation of documentation, including playbooks, procedures, standards and more. 
  • Develop and recommend Key Performance Indicators and Key Risk Indicators that show alignment with organizational Objectives and Key Results. 
  • Collaborate and cross train with the rest of the GRC team functions. 
  • Support the Security Team as needed through other duties that may be assigned. 

This might describe you 

  • Proven experience in an information security discipline
  • Working knowledge of regulatory requirements, such as PCI-DSS, SOX, and SOC 
  • Working knowledge of control frameworks and security best practices, such as ISO 27001 and NIST 
  • Strong interpersonal and communications skills; ability to work in a team environment, ability to foster strong relationships with key stakeholders across multiple business groups 
  • Ability to work independently and in a well-organized way with minimal direction, self-starter and self-motivated 

Pluses  

  • Bachelor’s degree in IT, computer science, information security or a related field  
  • Experience in GRC domains 
  • Certified Information Systems Security Professional (CISSP), International Social Security Association (ISSA), Certified Information Systems Auditor (CISA) or equivalent 
  • Experience building and implementing technical and risk management components within security systems  
  • Relevant experience in planning, administering, developing or delivering solutions in GRC platforms (e.g. ServiceNow, RSA Archer, OneTrust, or equivalent)  

Other Things to Note  

  • This role can be worked from any U.S. remote location. Normal work hours are 8-4pm Eastern Time Zone Monday – Friday, with rotating after hours requirements during a security incident or event.  
  • Familiarity with public company requirements, including Sarbanes-Oxley and key regulations, if applicable. For SOX-compliant roles, responsible for designing, executing, and documenting internal controls where they have been identified as owners to prevent errors in financial reporting, processes, and business operations, including attestation to the completeness, accuracy, and compliance of all financial reporting data, where applicable.

Say hello to Hagerty 

Hagerty is an automotive enthusiast brand and the world’s largest membership organization. Along with being a best-in-class provider of specialty insurance for enthusiasts, Hagerty is also home to the Hagerty Drivers Foundation, Garage + Social, Hagerty Drivers Club, Marketplace and so much more. Committed to saving driving for future generations, each and every thing Hagerty does is dedicated to the love of the automobile. 

Hagerty is a rapidly growing company that values a winning culture. We provide meaningful work for and invest in every single team member. 

At Hagerty, we share the road. We are an inclusive automotive community where all are welcomed, valued and belong regardless of race, gender, age, or car preference.  We are united by our shared passion for driving, our commitment to preserve car culture for future generations and our desire to make a positive impact in the world. 

If you reside in the following jurisdictions: California, Colorado, District of Columbia, Hawaii, Illinois, Maryland, Minnesota, Nevada, New York, New Jersey, Ohio, Rhode Island, Vermont, Washington, or Canada please email recruiting@hagerty.com for compensation, comprehensive benefits and the perks that set us apart.  


If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!


Tags: Automation CISA CISSP Compliance Computer Science ISO 27001 NIST Privacy Risk assessment Risk management RSA SOC SOX Vendor management

Perks/benefits: Team events

Regions: Remote/Anywhere North America
Country: United States
