Analyst, IT Security Risk Assessment
Lincoln Financial Group
Alternate Locations: Atlanta, GA (Georgia); Concord, NH (New Hampshire); Fort Wayne, IN (Indiana); Greensboro, NC (North Carolina); Hartford, CT (Connecticut); Omaha, NE (Nebraska); Philadelphia, PA (Pennsylvania); Radnor, PA (Pennsylvania); Rolling Meadows, IL (Illinois)
Relocation assistance is not available for this opportunity.
About the Company
Lincoln Financial Group, a Fortune 250 company with over 10,000 employees, provides advice and solutions that help empower Americans to take charge of their financial lives with confidence. Our core business areas â€” Life Insurance, Annuities, Retirement Plan Services and Group Protection â€” focus on supporting, preserving and enhancing over 17 million customerâ€™s lifestyles and retirement outcomes.
Headquartered in Radnor, Pennsylvania, Lincoln Financial Group is the marketing name for **MEMBERS ONLY**SIGN UP NOW***. (NYSE: LNC) and its affiliates. The company had $253 billion in assets under management as of December 31, 2017.
Ranked one of the Best Large Employers in America by Forbes magazine, Lincoln Financial Group makes a serious investment in our employeesâ€™ futures through a broad range of wealth accumulation and protection plans, health and wellness programs, and career development resources designed to help each individual reach their personal and professional goals.
This position will conduct information security risk assessments on parties external to Lincoln Financial Group (Lincoln) in order to ensure that information security risks associated with those relationships are within acceptable tolerances. In addition, she/he will help Lincoln develop new business and maintain existing customer relationships by responding to requests from external parties concerning Lincoln's own information risk management practices.
Determine information security risk profiles for various vendor and business partner services using questionnaires and knowledge of Lincoln policy and relevant industry best practices and standards.
Clearly and professionally communicate information security risks associated with external party services to Lincoln business unit personnel and business leaders.
Assess external party information security controls to ensure they meet or exceed Lincolns information security risk management requirements for the services to be provided.
Recommend solutions to eliminate, reduce, or mitigate risk, and communicate said solutions to both external parties and internal business stakeholders.
Record pertinent documentation and communications for all assessments in Lincolns online information technology (IT) governance, risk, and compliance platform.
Report status of engagements to Information Security management, project managers, and other business stakeholders as appropriate.
Determine the priority and scope of requests from external parties for information concerning Lincolns information security practices.
Respond to incoming requests from external parties for information concerning Lincolns information security practices by providing appropriately scoped and accurate information in a timely and professionally written manner.
4 Year/Bachelors Degree or equivalent work experience (4 years of experience in lieu of Bachelors) in (Minimum Required)
3 - 5 Years of experience in IT audit, information security, or information risk management that directly aligns with the specific responsibilities for this position. (Required)
Possession and continual application of the following character traits: dependability, integrity, decisiveness, tact, courage, enthusiasm, and sound judgement.
Working knowledge of common information security concepts, practices, and technologies, including best practices for:
Network defense and secure network design
Network, operating system, and application vulnerability management
Secure software development
Logging and monitoring
Identification, authentication, and authorization mechanisms
Account provisioning, review, and de-provisioning
Data loss prevention
General knowledge of industry standard security frameworks, including the NIST Cybersecurity Framework.
General knowledge and understanding of regulatory compliance mandates concerning data protection, including HIPAA, GLBA, and various state laws and regulations.
General knowledge of IT audit and assessment concepts and practices.
General knowledge of common web application vulnerabilities preferred.
Industry certification preferred, including but not limited to CISSP or CISM.
Prior insurance or financial services industry experience preferred.
This position may be subject to Lincolnâ€™s Political Contribution Policy. An offer of employment may be contingent upon disclosing to Lincoln the details of certain political contributions. Lincoln may decline to extend an offer or terminate employment for this role if it determines political contributions made could have an adverse impact on Lincolnâ€™s current or future business interests, misrepresentations were made, or for failure to fully disclose applicable political contributions and or fundraising activities.
Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Lincoln Financial Group are considered property of Lincoln Financial Group and are not subject to payment of agency fees.
Lincoln Financial Group (â€œLFGâ€) is an Equal Opportunity employer and, as such, is committed in policy and practice to recruit, hire, compensate, train and promote, in all job classifications, without regard to race, color, religion, sex (including pregnancy), age, national origin, disability, sexual orientation, gender identity and expression, veterans status, or genetic information. Applicants are evaluated on the basis of job qualifications. If you are a person with a disability that impedes your ability to express your interest for a position through our online application process, or require TTY/TDD assistance, contact us by calling ~~~.
Lincoln Financial Group (LFG) is an Equal Opportunity employer and, as such, is committed in policy and practice to recruit, hire, compensate, train and promote, in all job classifications, without regard to race, color, religion, sex (including pregnancy), age, national origin, disability, sexual orientation, gender identity and expression, veterans status, or genetic information. Opportunities throughout LFG are available to employees and applicants and are evaluated on the basis of job qualifications. We have a drug free work environment and we perform pre-employment substance abuse testing.