3rd Party Cyber Risk Analyst – Birmingham, AL / Work From Home

The work we do has an impact on millions of lives, and you can be a part of it. We help protect our customers against life’s uncertainties. Regardless of where you work within the company, you’ll be helping provide protection and peace of mind when our customers need it most. The Third-Party Cyber Risk Analyst will support the organization’s third and fourth-party cyber risk management program, helping to ensure that security and regulatory compliance meet the company’s risk standards. In this role, the analyst works closely with internal teams and external vendors to monitor, assess, and help mitigate cyber risks associated with vendor relationships. Responsibilities include assisting with risk assessments, tracking remediation efforts, reporting key metrics to leadership, and contributing to a culture of continuous improvement and security awareness. Key Responsibilities: Support the execution, documentation, and tracking of third-party risk assessments; this includes collecting and reviewing formal and informal security documentation from vendors. Responsible for on/off-boarding vendors into the process, tool, and document repository. Applying a shift-left mentatlity in every vendor lifecycle stage to foster a security and continuous improvement mindset. Monitor the status and maintenance of 3rd-party security reports with controls, risk registers, and remediation activities. Prepare and update basic reports and summaries for management on vendor risk status and compliance activities. Execute and influence positive process changes and test new capabilities in the cyber risk tool. Participate in the collection of evidence and documentation for audits and regulatory reviews. Stay informed about changes in cybersecurity regulations (ie. NYDFS 500) and best practices; escalate relevant updates to senior team members. Escalate issues or risks to senior analysts or management as needed. Participate in security awareness activities, such as training sessions and phishing simulations. Qualifications: 1-2 years’ experience, internship, or coursework in IT security, risk management, compliance, and audit. Understanding of third-party/vendor risk management processes and core risk management terminology. Exposure to audit processes or evidence collection for compliance reviews. Analytical mindset with attention to detail and a willingness to learn new concepts. Project, organizational, and content management skills; ability to manage multiple tasks and deadlines. Effective written and verbal communication skills; able to collaborate with technical and non-technical stakeholders. Ability to prepare and present clear, concise reports and summaries. Awareness of key security and compliance frameworks (e.g., SOC 2, NIST, ISO 27001, PCI, HIPAA, HITRUST, SOX). Basic knowledge of state and federal cybersecurity regulations and standards. Willingness to pursue industry certifications. Preferred: Experience with Microsoft Office Suite; familiarity with tools such as SharePoint, Power BI, ServiceNow, UpGuard, or Archer are a plus. General understanding of IT concepts, including cloud services (IaaS, SaaS, PaaS), network security, and endpoint security. A bachelor’s degree in computer science, information technology, or a related field. Achieved relevant security certifications are a plus, such as: Certified Information Security Auditor (CISA) Certified in Risk Information Systems Controls (CRISC) GIAC Security Essentials or Professional Certification (GSEC/GISP) Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Cloud Security Professional (CCSP) Certified Insurance Data Security Professional (CIDSP) CompTIA Security+ #LI-VG1 $68,500 – $80,000 a year Protective’s targeted salary range for this position is $68,500 to $80,000. Actual salaries may vary depending on factors, including but not limited to, job location, skills, and experience. The range listed is just one component of Protective’s total compensation package for employees. Employee Benefits: We aim to protect the wellbeing of our employees and their families with a broad benefits offering. In addition to offering comprehensive health, dental and vision insurance, we support emotional wellbeing through mental health benefits and an employee assistance program. Work/life balance is important and Protective offers a variety of paid time away benefits (e.g., paid time off, paid parental leave, short-term disability, and a cultural observance day). The financial health of our employees is just as important as physical and emotional health. Some of the financial wellbeing benefits include contributions to healthcare accounts, a pension plan, and a 401(k) plan with Company matching. All employees are encouraged to protect their overall wellbeing by engaging in ProHealth Rewards, Protective’s platform to improve wellbeing while earning cash rewards. Eligibility for certain benefits may vary by position in accordance with the terms of the Company’s benefit plans. Accommodations for Applicants with a Disability : If you require an accommodation to complete the application and recruitment process due to a disability, please email [email protected]. This information will be held in confidence and used only to determine an appropriate accommodation for the application and recruitment process. Please note that the above email is solely for individuals with disabilities requesting an accommodation. General employment questions should not be sent through this process. Apply tot his job