Global Sec Gov & Comp Consult

The Company:  Aflac Incorporated
The Location:  Remote, US; Columbus, GA, US, 31999

The Division:  Global Security
Job Id:  2757

Job Summary

Supports management to help ensure compliance objectives are met in the Global Security Division. Works closely with the business to understand activities and to advise on whether those activities meet Global Security policies and standards. Collaborates with the business and other Global Security stakeholders to evaluate the risk, work through mitigation strategies and follow governing processes through proper channels of awareness and/or approval. Supports the creation and maintenance of governing documents. Creates documentation of Global Security’s risk landscape and performs detailed review of Analyst level testing and documentation prior to submission. Identifies remediation plans and follows through to completion. Assures regulatory requirements are met.

 

Principal Duties & Responsibilities 

  • Supports the development and adoption of up-to-date information security policies, standards and procedures aligned with regulatory requirements and best practices across all Aflac subsidiaries and companies
  • Researches, plans, implements, and monitors compliance systems and initiatives and helps oversee the protection of organizational assets 
  • Helps in researching and interpreting regulations and laws to establish compliance standards, and may develop and/or deliver training and communications/change management relative to new standards 
  • Assesses organizational systems to determine gaps in compliance and determine opportunities for remediation and planned sustainment
  • Assists in investigating violations of compliance policy, laws, regulations, etc. or conducts ongoing monitoring and reporting to ensure remediation
  • Responsible for project management relative to new compliance initiatives, products, or annual processes and may conduct assessments and report on control efficacy, suggest/implement treatment and remediation approaches as well as suggest compensating approaches 
  • Supports, manages, and ensures adequate coverage of corporate information security policies with information security legal requirements, regulatory mandates, and related industry benchmarks
  • Supports information security related exams, audits, customer requests, and business line needs
  • Supports the creation and continuous currency of a Global Risk Assessment as required by FFIEC and NY DFS; understands and contributes to inventory of risk register tracking, scoring and associated risk statements. Supports reporting of Global Security risk through US and Global Risk Committees 
  • Conducts compliance and policy/standards risk assessments; requests and analyzes documentation necessary to perform appropriate assessment 
  • Documents risk exceptions, risk acceptances or informational updates as required, tracks for appropriate remediation plan and to closure and provides clear and concise risk assessment results 
  • Develops and maintains regional and global policy exceptions, risk acceptance and policy violation processes 
  • Provides evidence and coordinates responses for audits, regulatory reviews and controls testing 
  • Reviews Analyst level staff responses to security questionnaires in support of regulatory reviews, sales cycles and other inquiries
  • Ensures issues identified by internal or external audits, compliance assessments, operational testing, or other methods are remediated, appropriately tested and tracked to resolution. Assists in presenting non-remediated issues at appropriate committee levels commensurate with risk
  • Performs operational control testing for the department, documenting and remediating issues. Responsible for operationalizing test scripts for assigned controls as part of the Control Assurance Program (CAP) 
  • Performs other duties as required

 

Education & Experience Required 

  • Minimum Required: Bachelor's Degree in Computer Science, Information Systems, Information Security, Risk Management or any policy or legal related field
  • Preferred Certification: CISA, CISM, CISSP
  • Minimum Required: Six or more years of relevant work experience in IT Compliance, Risk Management or other related

 

Or an equivalent combination of education and experience.

 

Job Knowledge & Skills 

  • Knowledge of information security policies and principles of information handling and protection 
  • Strong working knowledge of applicable laws, regulations and industry standards related to compliance and risk management, including guidance documents and enforcement history affecting the life sciences and/or healthcare industries, strongly preferred. Examples include subject matter expertise in, and the ability to drive enhancements for, one or more information security compliance authoritative sources (Gramm-Leach-Bliley Act, FFIEC IT Handbooks, HIPAA, Sarbanes-Oxley (SOX), etc.).
  • Understanding of the regulatory landscape and changes affecting the Global Security program 
  • Understanding of risk management methodology identifying: threat, vulnerability, likelihood, impact, and security controls and counter-measures 
  • Ability to prepare and present situational updates to varying levels of leadership and varying technical experience 
  • Knowledge of developing and consistently reporting against metrics to identify and measure process outputs and process maturity

 

Competencies 

  • Acting with Integrity 
  • Communicating Effectively 
  • Pursuing Self-Development 
  • Serving Customers 
  • Supporting Change 
  • Supporting Organizational Goals 
  • Working with Diverse Populations 

 

Working Conditions

The statements below describe the general nature and level of the work and are not an exhaustive list of all responsibilities, duties, and skills required.

Normal office environment (virtual or in-person)

 

Travel

None Required


Nearest Major Market: Eugene