Third Party Risk Management Senior Analyst

  • Full-time
  • Salary - Max.: $85,000.00
  • Disclaimer: Annualized base pay may vary depending on geographic location, job-related knowledge, skills, and experience.
  • Salary - Min.: $70,000.00
  • Verisk Business: Verisk Analytics
  • U.S. State: New Jersey

Company Description

We help the world see new possibilities and inspire change for better tomorrows. Our analytic solutions bridge content, data, and analytics to help business, people, and society become stronger, more resilient, and sustainable.

Job Description

Working as part of a team, the analyst will leverage various sources of data to classify and assess the security program and associated practices of Verisk Analytics suppliers, highlight risks and control gaps associated with the supplier's security program, categorize the potential risks based on severity, and identify potential mitigation strategies. The position is also responsible for translating the results of the analysis into a business-consumable format and delivering those results to business, legal, and procurement teams to guide risk decisions.
Additionally, the analyst will be responsible for identifying and tracking continuous monitoring activities to ensure the risks associated with active suppliers have not changed or exceeded risk tolerance thresholds.
The analyst will also participate in cross-functional teams to address information security policy/risk or compliance issues. The analyst is expected to determine best practices, suggest how to improve current practices, and monitor those practices.

Key Responsibilities (include but are not limited to the following):

  • Conducts information security assessments of suppliers (third party vendors and cloud services) including advising management on how to mitigate any identified risks
  • Supports the evolution and continuous improvement of vendor risk assessment processes including the development and maintenance of procedures, artifacts, and metrics to be used in the assessment of suppliers
  • Keeps abreast of the latest security, privacy, and regulatory concerns and best practices impacting third party risk management
  • Advises business on any changes requested by third parties to security and privacy provisions of our contracts
  • Performs third party compliance risk tracking, trending, analysis, and executive reporting
  • Responsible for information security preparedness, policies, practices, and identifying and mitigating information security risks resulting from third party applications, systems, and infrastructure
  • Advises procurement and project teams on vendor assessment requirements and performs vendor risk assessments for new vendors or services
  • Analyzes, designs, and implements business processes and requirements to ensure compliance with security policies and procedures
  • Provides consultation and facilitation support services to Verisk in information security matters, compliance with the security policy, privacy, and other control mechanisms used by Verisk
  • Performs complex analysis of major business issues and proactively searches for and recommends sustainable solutions utilizing established methodology and tools within information security areas
  • Leads process improvement and solution discussions and presents outcomes in written and verbal format to senior management within information security areas
  • Participates in cross-functional team initiatives and projects

Qualifications

Education and Experience:
• Bachelor's Degree in Computer Science, Information Systems, or other related field, or equivalent combination of work experience and education
• 3 to 5 years of relevant work experience (e.g., information security, risk management and compliance)
• Industry recognized certifications within the domains of information security and privacy (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.) considered a plus but not a requirement

Knowledge and Skills:
• Detailed knowledge applying risk management frameworks such as NIST, FISMA, or ISO 27000
• Subject matter expertise in SSAE 16, SOC 2, Shared Assessments, FedRAMP, and other vendor risk assessment methodologies
• Comprehensive knowledge of third party lifecycle management and vendor risk management methodologies, including associated regulatory and industry guidance
• Broad knowledge of information security and privacy fundamentals
• Excellent oral and written communication, ability to convey technical and security related concepts to people at all levels of the organization
• Working knowledge of Governance, Risk, and Compliance (GRC) and IT Vendor Risk Management tools
• Proficient in the design and implementation of effective information security controls
• Ability to create new processes to improve security and compliance with minimal oversight
• Strong organizational and prioritization skills to handle multiple priorities
• Advanced analytical, problem solving, design, and implementation skills to facilitate resolution of technical compliance issues and support maintenance of an effective controls environment
• Ability to work with diverse workgroups on information security risk assessments, exceptions and remediation
• Acute attention to detail with a high level of data integrity and accuracy
• Broad knowledge of the principles of data collection and analysis, business requirements, process improvement criteria, and performance metrics review techniques
• Excellent computer skills including Microsoft Office along with various other online applications, as needed for the role


Additional Information

For over 50 years, Verisk has been the leading data analytics and technology partner to the global insurance industry by delivering value to our clients through expertise and scale. We empower communities and businesses to make better decisions on risk, faster.

At Verisk, you'll have the chance to use your voice and build a rewarding career that's as unique as you are, with work flexibility and the support, coaching, and training you need to succeed. 

For the eighth consecutive year, Verisk is proudly recognized as a Great Place to Work® for outstanding workplace culture in the US, fourth consecutive year in the UK, Spain, and India, and second consecutive year in Poland.  We value learning, caring and results and make inclusivity and diversity a top priority.  In addition to our Great Place to Work® Certification, we’ve been recognized by The Wall Street Journal as one of the Best-Managed Companies and by Forbes as a World’s Best Employer and Best Employer for Women, testaments to the value we place on workplace culture.

We’re 7,000 people strong.  We relentlessly and ethically pursue innovation. And we are looking for people like you to help us translate big data into big ideas. Join us and create an exceptional experience for yourself and a better tomorrow for future generations.

 

Verisk Businesses

Underwriting Solutions — provides underwriting and rating solutions for auto and property, general liability, and excess and surplus to assess and price risk with speed and precision

Claims Solutions — supports end-to-end claims handling with analytic and automation tools that streamline workflow, improve claims management, and support better customer experiences

Property Estimating Solutions — offers property estimation software and tools for professionals in estimating all phases of building and repair to make day-to-day workflows the most efficient

Extreme Event Solutions — provides risk modeling solutions to help individuals, businesses, and society become more resilient to extreme events.

Specialty Business Solutions — provides an integrated suite of software for full end-to-end management of insurance and reinsurance business, helping companies manage their businesses through efficiency, flexibility, and data governance

Marketing Solutions — delivers data and insights to improve the reach, timing, relevance, and compliance of every consumer engagement

Life Insurance Solutions – offers end-to-end, data insight-driven core capabilities for carriers, distribution, and direct customers across the entire policy lifecycle of life and annuities for both individual and group.

Verisk Maplecroft — provides intelligence on sustainability, resilience, and ESG, helping people, business, and societies become stronger

Verisk Analytics is an equal opportunity employer.

All members of the Verisk Analytics family of companies are equal opportunity employers. We consider all qualified applicants for employment without regard to race, religion, color, national origin, citizenship, sex, gender identity and/or expression, sexual orientation, veteran's status, age or disability.

http://www.verisk.com/careers.html

Unsolicited resumes sent to Verisk, including unsolicited resumes sent to a Verisk business mailing address, fax machine or email address, or directly to Verisk employees, will be considered Verisk property. Verisk will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.
