Info Security & Compliance Lead

  • Full-time
  • Verisk Business: Maplecroft

Company Description

Verisk Maplecroft’s data-driven approach to risk enables multinational organizations to understand how and where political, human rights and environmental risks impact their assets, investments, reputations and supply chains. We give our clients the tools to pinpoint and quantify their risk across 150+ issues for any location worldwide, and the expert analysis and advice they need to make better, risk-adjusted decisions that will improve the commercial performance, resilience and sustainability of their business. To learn more, please visit us at: www.maplecroft.com. We are proud to be a part of the Verisk family of companies!

At the heart of what we do is help clients manage risk. Verisk (Nasdaq: VRSK) provides data and insights to our customers in insurance, energy and the financial services markets so they can make faster and more informed decisions.   

Our global team uses AI, machine learning, automation, and other emerging technologies to collect and analyze billions of records. We provide advanced decision-support to prevent credit, lending, and cyber risks. In addition, we monitor and advise companies on complex global matters such as climate change, catastrophes, and geopolitical issues.  

But why we do our work is what sets us apart. It stems from a commitment to making the world better, safer and stronger.  

It’s the reason Verisk is part of the UN Global Compact sustainability initiative. It’s why we made a commitment to balancing 100 percent of our carbon emissions. It’s the aim of our “returnship” program for experienced professionals rejoining the workforce after time away. And, it’s what drives our annual Innovation Day, where we identify our next first-to-market innovations to solve our customers’ problems.   

At its core, Verisk uses data to minimize risk and maximize value. But far bigger, is why we do what we do. 

At Verisk you can build an exciting career with meaningful work; create positive and lasting impact on business; and find the support, coaching, and training you need to advance your career.  We’ve been recognized by Forbes as a World’s Best Employer and a Best Employer for Women, testaments to our culture of engagement and the value we place on an inclusive and diverse workforce. 

Job Description

Verisk Maplecroft is seeking an Information Security and Compliance Lead who will have overall responsibility for supporting the increasingly complex aspects of data management and security. This role will engage with the wider Verisk Security and Compliance Organization and act as the security and compliance liaison for Verisk Maplecroft. The individual will manage all facets of the function, including cyber-security operations work (tool oversight/review, incident handling and escalations, investigations); compliance initiatives; Information Security awareness campaigns; risk and control assessments; vendor risk assessments; answering client-related security questions during the sales cycle; supporting corporate audits and regulatory reviews; and providing general guidance, assistance and oversight to the organization on issues that touch upon information security and compliance.

Responsibilities

  • Design, build, maintain, monitor and enhance security processes that enforce company policy requirements throughout the organization to reduce risk, respond to incidents and limit exposure and liability in all areas of information-related, financial, personal, and reputational harm.
  • Support and implement security remediation activities within AWS cloud infrastructure, including AWS configuration rules and Linux OS patching.
  • Periodic review and assessment of the Operational Monitoring of Information Security Systems, logs, etc. using an array of data-security products and techniques to ensure compliance with policies, industry standards, client contractual obligations and regulatory compliance requirements and assist in creation of remediation plans when risks or gaps are identified.
  • Assist in the investigation and reporting of any risks related to compliance or cyber security including the assessment and evaluation of emerging risks to determine risk severity level and impact.
  • Continually liaise with Verisk Information Security to help align strategy, policies, and technologies.
  • Assist with Information Security assessments and audits requested by regulatory agencies or clients and in the design and/or implementation of remediation plans for Information Security and IT for gaps or risks identified.
  • Provide additional responses to questions arising from internal client requests for information concerning the information security posture of Maplecroft.
  • Report to Maplecroft and Verisk leadership concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance with policy.
  • Implement, and ensure adherence to, compliance requirements and data privacy regulations such as GDPR across the organization.
  • Collaborate on critical cross-department/company projects to ensure that security issues are addressed throughout the project lifecycle.
  • Ensure that security and privacy are factored into the evaluation, selection, installation and configuration of our technology partners, software and development lifecycle.
  • Plan, develop and deliver security awareness training and education programs to educate staff on how to safeguard information against accidental or unauthorized modification, destruction, or disclosure of critical information.
  • Assist commercial teams on client-related security and compliance requests, such as security questionnaires, RFP responses and ad hoc client enquiries.
  • Assist Maplecroft teams on projects and initiatives and help to mentor team members to improve their skills and provide guidance and support related to security and compliance.

Qualifications

  • A strong understanding of the business impact of security tools, technologies, policies as well as Data Protection
  • Proficiency in performing Third Party risk, business impact, control and vulnerability assessments.
  • Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
  • Certified Information Systems Security Professional (CISSP) certification or ISEC certificate in data protection is an advantage.
  • Background in working with organizations with large data processing
  • Bachelor’s degree in computer science, information technology, Law or a related field preferred
  • Minimum of three years of Information Security experience
  • Prior experience as a team leader/manager preferred. Experience managing projects a plus.
  • The ability to interact with a broad range of stakeholders, build strong relationships at all levels and across all business units and organizations, and understand business imperatives
  • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organisation, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols and industry best practices.
  • Prior experience in and good knowledge of information risks, concepts, principles and industry standards, such as: NIST, PCI, PHI, PII, ISO 27001, HIPAA/HITECH and OWASP.
  • Working knowledge and understanding of privacy laws and guidelines with respect to Data Protection
  • Good practice associated with working in a complex technology environment
  • Experience performing risk assessments using frameworks such as industry standard control sets, methodologies etc.
  • Experience developing, documenting, and maintaining security processes, procedures and transforming policy requirements and industry standards into actual practice.
  • Experience with AWS cloud and cloud security, including cloud config rule management and patching services such as EC2.
  • Strong knowledge of network and systems infrastructure, including routers, switches, firewalls, VPNs, terminal servers, device ACL configuration, etc.

Additional Information

Verisk Analytics is an equal opportunity employer.

All members of the Verisk Analytics family of companies are equal opportunity employers. We consider all qualified applicants for employment without regard to race, religion, color, national origin, citizenship, sex, gender identity and/or expression, sexual orientation, veteran's status, age or disability.

http://www.verisk.com/careers.html

Unsolicited resumes sent to Verisk, including unsolicited resumes sent to a Verisk business mailing address, fax machine or email address, or directly to Verisk employees, will be considered Verisk property. Verisk will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.
