This job is expired.
Full Job Description
CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties, and we're proud of the culture we create together. As we commit to progress over perfection, we recognize that every day is an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for an IT Security Governance Analyst! Join us and support CSAA IG in achieving our goals.
Your Role:
Support the development, implementation, and maintenance of our security governance framework. Participate in educating staff on their responsibilities/accountabilities in aligning controls with the approved requirements. Manage security policies, standards, and procedures to ensure alignment with regulatory requirements and industry best practices.
Your work:
• Maintain a policy management life cycle that effectively aligns CSAA IG's cybersecurity policies and standards with the company's requirements.
• Collaborate with security, IT, legal, and business stakeholders to ensure policies, standards, and procedures are regularly reviewed.
• Align and map authoritative sources such as NIST, COBIT, ITIL, PCI to internal standards to ensure governance documentation supports selected frameworks.
• Maintain a centralized repository of security documentation and ensure version control and access permissions are properly managed.
• Monitor regulatory and compliance developments (MAR, NYDFS, PCI-DSS, etc.) and assess impact on organizational policies, standards, and procedures.
• Assist in preparing for internal and external audits, including providing evidence of compliance with policies and standards.
• Assist in the development and deployment of controls assurance testing against standards and procedures.
• Participate in information security and risk management projects with staff from the IT organization and business unit teams.
• Support maintenance of GRC platform software and systems.
• Contribute to business and technical strategy around GRC future direction.
Required Experience, Education and Skills
• 5+ years' experience in business continuance risk management/mitigation along with IT work experience in a broad range of exposure to systems analysis, application development, database design and administration
• Bachelor's degree in related area (Computer Science, Information Systems or other related field) or an equivalent combination of education and experience
What would make us excited about you?
• Experience working with NIST800-53 framework
• Ability to manage and execute numerous parallel activities in a fast-paced, dynamic environment
• Ability to build and maintain constructive working relationships with a diverse community throughout the organization.
• Ability to communicate well in both writing and speaking to influence both technical and non-technical audiences.
• Ability to create non-functional requirements and translate business requirements into non-functional requirements
• Solid grasp of Governance Risk and Compliance methodologies
• Ability to trace given transactions through a complex system and document how systems and overlapping processes interact
• Working knowledge of industry practices and CSAA IG policies and the ability to develop a clear understanding of the company's key functional processes and resources
• Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.)
• Lives into cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.)
• Travels as needed for role, including divisional / team meetings and other in-person meetings
• Fulfills business needs, which may include investing extra time, helping other teams, etc
CSAA IG Careers
At CSAA IG, we're proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it.
Join us if you...
BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.
COMMIT to being there for our customers and employees.
CREATE a sense of purpose that serves the greater good through innovation.
Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at [https://careers.csaa-insurance.aaa.com/us/en/benefits](https://careers.csaa-insurance.aaa.com/us/en/benefits)
In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don't miss important updates from us.
If a reasonable accommodation is needed to participate in the job application or interview process, please contact TalentAcquisition@csaa.com.
As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues' different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us.
We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers' evolving needs.
CSAA Insurance Group is an equal opportunity employer.
#LI-SB1
Your Role:
Support the development, implementation, and maintenance of our security governance framework. Participate in educating staff on their responsibilities/accountabilities in aligning controls with the approved requirements. Manage security policies, standards, and procedures to ensure alignment with regulatory requirements and industry best practices.
Your work:
• Maintain a policy management life cycle that effectively aligns CSAA IG's cybersecurity policies and standards with the company's requirements.
• Collaborate with security, IT, legal, and business stakeholders to ensure policies, standards, and procedures are regularly reviewed.
• Align and map authoritative sources such as NIST, COBIT, ITIL, PCI to internal standards to ensure governance documentation supports selected frameworks.
• Maintain a centralized repository of security documentation and ensure version control and access permissions are properly managed.
• Monitor regulatory and compliance developments (MAR, NYDFS, PCI-DSS, etc.) and assess impact on organizational policies, standards, and procedures.
• Assist in preparing for internal and external audits, including providing evidence of compliance with policies and standards.
• Assist in the development and deployment of controls assurance testing against standards and procedures.
• Participate in information security and risk management projects with staff from the IT organization and business unit teams.
• Support maintenance of GRC platform software and systems.
• Contribute to business and technical strategy around GRC future direction.
Required Experience, Education and Skills
• 5+ years' experience in business continuance risk management/mitigation along with IT work experience in a broad range of exposure to systems analysis, application development, database design and administration
• Bachelor's degree in related area (Computer Science, Information Systems or other related field) or an equivalent combination of education and experience
What would make us excited about you?
• Experience working with NIST800-53 framework
• Ability to manage and execute numerous parallel activities in a fast-paced, dynamic environment
• Ability to build and maintain constructive working relationships with a diverse community throughout the organization.
• Ability to communicate well in both writing and speaking to influence both technical and non-technical audiences.
• Ability to create non-functional requirements and translate business requirements into non-functional requirements
• Solid grasp of Governance Risk and Compliance methodologies
• Ability to trace given transactions through a complex system and document how systems and overlapping processes interact
• Working knowledge of industry practices and CSAA IG policies and the ability to develop a clear understanding of the company's key functional processes and resources
• Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.)
• Lives into cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.)
• Travels as needed for role, including divisional / team meetings and other in-person meetings
• Fulfills business needs, which may include investing extra time, helping other teams, etc
CSAA IG Careers
At CSAA IG, we're proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it.
Join us if you...
BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.
COMMIT to being there for our customers and employees.
CREATE a sense of purpose that serves the greater good through innovation.
Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at [https://careers.csaa-insurance.aaa.com/us/en/benefits](https://careers.csaa-insurance.aaa.com/us/en/benefits)
In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don't miss important updates from us.
If a reasonable accommodation is needed to participate in the job application or interview process, please contact TalentAcquisition@csaa.com.
As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues' different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us.
We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers' evolving needs.
CSAA Insurance Group is an equal opportunity employer.
#LI-SB1
Job Information
Job Category:
Information Technology
Spotlight
Employer
Related jobs

Coordinating Producer, Student Media Productions
Emerson College
Join our community and experience Emerson College!The Coordinating Producer, Student Media Productions leads the College’s most visible student media platforms: the EVVY Awards and the Emerson Media N...
Jul 17, 2025
Boston, MA

Digitization Intern
Emerson College
Join our community and experience Emerson College!This 12-week internship (18 hours per week, $25/hour) offers a valuable experience for current graduate students pursuing degrees in library and infor...
Jul 17, 2025
Boston, MA
Medical Assistant (Tigard)
AFC Urgent Care
**WE DO URGENT CARE DIFFERENTLY - Come See How!**
Welcome to AFC Urgent Care Tigard -- where we're flipping the script on healthcare culture! Think supportive teammates, open leadership, and real oppo...
Jul 17, 2025
Tigard, OR