Information Security Analyst

Who We AreJoin a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for nine consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We DoResponsible for performing information security and business continuity risk assessments on third-party service providers (vendors) and monitoring and reporting on the remediation of deficiencies.

What You'll Bring

• Completes comprehensive information security risk assessments on potential and existing third-party service provider relationships.
• Evaluates third-party service provider engagements to asses, identify, and articulate areas of risk. 
• Act as a liaison between business owners and third-party service providers to complete risk assessment activities and to establish and track acceptable risk mitigation actions.
• Participates in identifying process requirements and for specific business needs.
• Creates and generates reports; researches and analyzes data and reports trends to management/ business partners.
• Keeps abreast of industry and third-party risk security management practices and advancements and incorporates that knowledge into daily work activities.
• Coordinates, monitors or otherwise performs periodic vendor performance reviews for adherence to contractual SLAs.
• Identifies/receives problem, researches alternatives, prepares presentations, drives resolutions, gains consensus, and implements solutions for defined business processes.
• Under general supervision, oversees a small to medium scale projects or phases of a larger project.
• Maintains strict confidentiality in all matters dealing with information security matters deemed confidential by management.

What You'll Bring

• Must have minimum 3 years information security experience.
• Must have 2+ years of experience performing third-party information security risk assessments or audits.
• Experience in defining third-party risk management strategy and implementing frameworks.
• Experience in developing audit and risk assessment reports.
• Experience in managing vendor relationships.
• Generally requires a BS Degree in Computer Science, Information Technology, or equivalent work experience.
• Works on problems of moderate scope where analysis of situations and information requires a review of a variety of factors and considerations.
• Exercises judgment within defined procedures and practices to determine appropriate action.
• Follows department processes and procedures and may make recommendations to these processes.
• Achieves set objectives.
• Errors may cause potential third-party information security risk to the organization.
• Works under general supervision of management.
• Actively contributes to the results of a team and works towards achieving team goals and objectives.
• Uses expertise of more senior level department members and leverages additional resources to achieve goals and objectives.
• No responsibility for the supervision of others.
• Must have working knowledge of compliance regulations (GLBA, FFIEC, GDPR, CCPA, SOX, HIPPA, OCC), and Information Security governance standards and control frameworks; strong analysis, independent decision-making skills and ability to work effectively with all levels of the organization.
• Generally requires a BS Degree in Computer Science, Information Technology, or equivalent work experience.

License or Certification

Certification: CTPRP, CTPRA, or CISSP preferred 

Salary Range: $72,100.00-$96,100.00

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location

What We OfferBy choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.