Global Sec Assurance Consult

The Company:  Aflac Incorporated
The Location: 

Remote, US, 31999

The Division:  Global Security
Job Id:  5948

Salary Range: $55,000 - $140,000


We’ve Got You Under Our Wing

We are the duck. We develop and empower our people, cultivate relationships, give back to our community, and celebrate every success along the way. We do it all…The Aflac Way.


Aflac, a Fortune 500 company, is an industry leader in voluntary insurance products that pay cash directly to policyholders and one of America's best-known brands. Aflac has been recognized as Fortune’s 50 Best Workplaces for Diversity and as one of World’s Most Ethical Companies by


Our business is about being there for people in need. So, ask yourself, are you the duck? If so, there’s a home, and a flourishing career for you at Aflac.


Work Designation. Depending on your location within the continental US, this role may be hybrid or remote.

  • If you live within 50 miles of the Aflac offices located in Columbus, GA this role will be hybrid. This means you will be expected to work in the office for at least 60% of the work week. You will work from your home (within the continental US) for the remaining portion of the work week. Details of this schedule will be discussed with your leadership. 
  • If you live more than 50 miles from the Aflac offices located in Columbus, GA, this role will be remote. This means you will be expected to work from your home, within the continental US. If the role is remote, there may be occasions that you are requested to come to the office based on business need. Any requests to come to the office would be communicated with you in advance.


What does it take to be successful at Aflac?

  • Acting with Integrity
  • Communicating Effectively
  • Pursuing Self-Development
  • Serving Customers
  • Supporting Change
  • Supporting Organizational Goals
  • Working with Diverse Populations


What does it take to be successful in this role?

  • Excellent verbal and written communication skills with strong attention to detail. Proficient in Japanese when directly supporting the Japan CAP team.
  • Experience applying and assessing industry-recognized security standards for Information Security, Physical Security, Business Continuity, Disaster Recovery, Crisis Management, and IT (Asset Management, Configuration Management, Vulnerability Patching)
  • Knowledge and experience in the following:
    • Technology Risk Management concepts and control
    • Managing to regulatory requirements for protecting information assets
    • Global technology organizational concepts
    • Principles and methods of all information security disciplines
    • Knowledge of regulatory protective requirements of personal private information (i.e. FSA, FISC, HIPAA, GLBA, SEC, NYDFS, and financial integrity under Sarbanes-Oxley, etc.)
    • Knowledge of and in-depth experience in the ability to apply industry-recognized security standards
    • Knowledge of cloud computing technologies and security best practices


Education & Experience Required

  • Bachelor’s Degree in Computer Science, Information Security, Cybersecurity, business administration or a related field
  • Five or more years of information technology security experience

Or an equivalent combination of education and experience


Education & Experience Preferred

  • Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)


Principal Duties & Responsibilities

  • Maintain the cybersecurity control library composed of entity, global and regional controls aligned against the NIST Cybersecurity Framework and utilizing NIST 800-53 controls as a basis and share ideas for control enhancements and maturity opportunities
  • Maintain the associated control requirements and meta data for the controls as well as the control mapping to laws, regulations, and industry standards
  • Perform quality review of requests for control requirement changes to ensure proper rigor is consistently in place across all regions
  • Assist with conducting the annual enterprise risk assessment, including maintaining mapping to the controls
  • Assist with facilitating the annual Control Owner attestation process in alignment with CAP's procedures
  • Maintain the control self-testing guidelines which define guidance for Control Owners to perform testing of control design and operating effectiveness
  • Provide guidance to Control Owner as needed regarding testing documentation, evidence, and other supporting material that can be leveraged by the Control Owner to ensure their test conclusion is properly supported for test of design and operation effectiveness
  • As assigned, provide support to regional CAP teams (e.g. Japan CAP) regarding CAP processes
  • Collect remediation plans from Control Owners where control gaps have been identified, and proactively track progress of remediation
  • Assist with facilitation of independent maturity assessments of the Global Security program against the NIST Cybersecurity framework via the oversight of an independent assessment conducted by a third party
  • Identify integration points into enterprise processes as well as with disciplines that are outside of the security department but have security related responsibilities to provide holistic view (i.e. Asset Management, Patch Management, Application Development, Architecture, Infrastructure, Third Party Risk Management, and Physical Security)
  • Assist with producing reporting that is used to communicate the results of attestations and changes affecting the organization's Information Security posture to leadership
  • Apply the organization's risk tolerance and risk management approach in evaluating the security posture, and escalate matters of significance
  • Interface with designated stakeholders that own cybersecurity controls and educate them on their control related responsibilities, including providing guidance on reaching the target maturity for each control in the library
  • Partner with GRC team to effectively utilize GRC solution for assurance related activities and reporting.
  • Align to global security strategies and plans to support the Cyber Assurance Program
  • Performs other duties as required


Total Rewards

This compensation range is specific to the job level and takes into account the wide range of factors that are considered in making compensation decisions including, but not limited to: education, experience, licensure, certifications, geographic location, and internal equity. The range has been created in good faith based on information known to Aflac at the time of the posting.  Compensation decisions are dependent on the circumstances of each case. This salary range does not include any potential incentive pay or benefits, however, such information will be provided separately when appropriate. The salary range for this position is $55,000 - $140,000.


In addition to the base salary, we offer an array of benefits to meet your needs including medical, dental, and vision coverage, prescription drug coverage, health care flexible spending, dependent care flexible spending, Aflac supplemental policies (Accident, Cancer, Critical Illness and Hospital Indemnity offered at no costs to employee), 401(k) plans, annual bonuses, and an opportunity to purchase company stock.  On an annual basis, you’ll also be offered 11 paid holidays, up to 20 days PTO to be used for any reason, and, if eligible, state mandated sick leave (Washington employees accrue 1 hour sick leave for every 40 hours worked) and other leaves of absence, if eligible, when needed to support your physical, financial, and emotional well-being. Aflac complies with all applicable leave laws, including, but not limited to sick and safe leave, and adoption and parental leave, in all states and localities.

Nearest Major Market: Columbus GA