Sr Cybersecurity Governance Analyst
The Sr. Security Governance Analyst is responsible for executing defined activities for security, privacy and risk. The role supports the application of security policies and standards across the company, including software engineering, finance, operations and IT. The role supports and enhances risk-based security governance processes within the company and ensures alignment with the internal security and business priorities, as well as external regulatory priorities. Annual projects and deliverables are established using company business goals and strategies, and communicated by the Sr. Director of IT Security, and the Director Strategy, Governance, Risk & Compliance.
Key Job Responsibilities and Accountabilities:
Demonstrates strong understanding of information technology systems, business processes, security regulation, risk management, and security vulnerabilities;
Identifies and evaluates complex technology risks, and internal controls which mitigate risks, and related opportunities for internal control improvement;
Participates in periodic and on-demand system audits, risk assessments, and third-party security reviews to ensure that business partners, applications, networks, and infrastructure components adhere to security policies and standards;
Performs Security Program assessments to determine adherence to Cybersecurity Strategy and business goals;
Develops, disseminates, and manages security metrics to be used in monitoring and improving the company’s security posture and decision-making;
Works jointly to maintain processes within and relevancy of the Governance, Risk, and Compliance (GRC) system;
Maintains currency of the risk register;
Understands and remains current on regulatory issues and practices;
Researches and evaluates current or emerging security technologies to support organizational cyber security objectives;
Advises on acceptable mitigating controls related to Policy and Standard Exceptions ensuring they are documented, including mitigating security controls, necessary approvals, and exception duration;
Performs periodic evaluations of CNO’s technical security standards against internal standards and industry best practices;
Performs IT risk related special projects and tasks; and
Completes all other duties as assigned.
Skills, Knowledge and Abilities:
Broad knowledge of security risk concepts and implications, and the ability to apply these concepts into a practical plan;
Excellent communication skills, both written and verbal, for interacting with leadership throughout the company;
Ability to drive for results while balancing multiple priorities and projects.
Education and Experience:
BA or BS degree in Information Systems, Computer Science, or other Business-related discipline required
CISA, CISSP, CRISC, or other relevant Information Security certifications preferred
Typically a minimum of five to seven years of related experience
CNO Financial is an Equal Opportunity Employer and Affirmative Action Employer.
As you explore job openings at CNO, please keep in mind that CNO will never ask you to provide payment-related information at any part of the employment application process. And CNO will communicate with you only through emails that are sent from a CNOinc.com or BankerLife.com email address.
If you receive an email purporting to be from CNO that asks for payment-related information or any other personal information, please contact law enforcement and report the email to myHR@CNOinc.com.