About the role….
Policygenius continues to disrupt the insurance industry by delivering innovative technology-driven experiences. Our talented yet humble team is dogma-free and data driven. We are relentless in our drive to reliably deliver outstanding products and services at scale. We are growing fast, but we can go further faster with experienced, collaborative, challenge-seeking people like yourself.
As the Senior Governance, Risk & Compliance (GRC) Information Security Analyst you will assist our growing InfoSec team to further develop and manage the information security risk management program. You are a self-driven, team player who understands the intricacies of risk and regulations and business operations, and can find the right approach to implement an effective, compliant and business supported GRC program. You can work with the business and technical teams, helping them identify and mitigate risks. You help developers, data scientists, analysts, and managers find opportunities as a business enabler, to improve the security risk posture of Policygenius .
This individual will have the mindset of a business partner and enabler who is seen as a trusted adviser and partner for various departments and teams. You will be able to educate, provide guidance, and help drive a risk appreciation for information security and compliance throughout the company.
In this role, you will…
- Conduct external and internal security risk assessments, rank security risks, articulate risk in terms of business impact, and suggest reasonable strategies to mitigate risks
- Liaise closely with legal, business leaders, engineering, and third parties
- Provide support to the governance risk and compliance management program to achieve certifications such as SOC2, ISO 27001/27002, NIST, PCI-DSS and others as appropriate
- Serves as a company representative with prospects, customers, and partners by assisting with completing security questionnaires, assessments and audits
- Provide Information Security consulting and security awareness education to the business
- Develop, maintain, and enforce strong information security policies and procedures
We'd love to hear from you if…
- You have 3+ years of experience in information compliance, risk, or audit functions
- Possession of or ability to obtain professional certifications in information security or risk management, such as a CRISC, CISA or CISSP
- Basic knowledge of security and control frameworks, such as NIST CSF, SOC2, COBIT, and ISO 27001.
- Strong knowledge of current security threats and a self desire to stay current on threat trends
- You have evidence of strong partnerships across the business and technology teams
- You have strong communication skills and the ability to comfortably and effectively articulate security and risk related concepts to technical and non technical audiences.
- You have the ability to thrive in a fast-paced environment
- You have experience working in an agile environment
- You have successfully driven the development and implementation of a technical vision
- You have a good understanding of information security risks in a cloud-native environment
You can expect...
- Company-paid health, dental, vision, life & disability insurance
- 401(k) plan, FSA & commuter benefits
- Generous PTO
- Training, mentorship and coaching from leadership
- The opportunity to grow alongside a company shaking up a big, old-fashioned industry
- Fun, diverse, open-minded coworkers
- Dog companionship!!!
Policygenius is America's leading online insurance marketplace. We launched in 2014 and made our mark as an early insurtech pioneer. Our mission is to help people get financial protection right — and feel good about it — and we make it easy for our customers to understand their options, compare quotes, and buy insurance, all in one place. We’ve helped more than 30 million people shop for all types of insurance like they shop for everything else — online — and have placed over $60 billion in coverage. In early 2020, we announced our Series D funding round of $100 million, bringing our total funding to just over $150 million.
At Policygenius, we’re proud of building an environment that encourages our teammates to bring their authentic selves to work. Despite rapid growth (we’ve doubled in size year over year!), we’ve continuously maintained our inclusive culture through humility, hard-work, and humor, and we're looking for more people with grit, collaborative attitudes, and creative problem-solving skills to join our team. Come see why we’ve been voted one of Inc. Magazine's "Best Workplaces" four years in a row!
Diversity at Policygenius
Policygenius believes differences should be celebrated and is committed to building a team as diverse as the customers we serve. We welcome different perspectives and opinions to foster innovation, authenticity, and excellence across all parts of our company, and are committed to providing employees with a work environment free of discrimination and harassment.
As an Equal Opportunity Employer, Policygenius highly encourages applicants from all walks of life. All employment decisions at Policygenius are based on business needs, job requirements and individual qualifications without regard to actual or perceived race, color, sex, pregnancy, sexual orientation, gender identity or expression, age, national origin, political affiliation or belief, religion, disability, uniformed service, marital status or any other status protected by law.
Come join the team!