The role
We are currently hiring for a crucial role within Aflac’s Global Cybersecurity Assurance Program. The successful candidate will be an experienced information security control tester with technical skills rooted in a broad spectrum of disciplines including Information Security, IT, Business Continuity/Disaster Recovery, and Crisis Management.
The Cybersecurity Assurance Testing Specialist will work with Control Owners to facilitate self-testing and perform quality assurance reviews of the results to ensure accuracy and completeness. Output from this program is provided to Senior Management and reported at US Board level.
We are looking for someone who is comfortable with control testing for both administrative and technical controls, working closely with the Control Owners to set a clear direction for the control while also keeping hands on with the control self-testing process.
The Team
The Cybersecurity Assurance Program is an award-winning program that has been built by Aflac, a Fortune 500 company, to measure the effectiveness and maturity of our Global Security Program, with the aim to discover “unknown” gaps in the US & Japanese security operations. The team has built a library of controls, developed against the NIST Cybersecurity Framework and then a testing process which is laid out to mimic attributes of SOX testing that provide a higher level of assurance.
At Aflac NI, we are building a diverse, multi-function Cyber Security Team to support our Global Security Program protecting our customers in the US & Japan. Over the next 3 years, the Aflac NI Security Team will grow to over 30 and take ownership of key components of the security program. We are integrating with the Global Security Team to strengthen existing functions and build new capabilities.
This is an opportunity to join the team in its early growth stages and play a key role in shaping the Aflac NI team and building the reputation within Aflac and the local Security Community.
What you’ll be doing
- Maintain the cybersecurity control library composed of global and regional controls aligned against the NIST Cybersecurity Framework and utilizing NIST 800-53 controls as a basis.
- Maintain the associated test scripts and metadata for the controls.
- Assist with facilitating the annual Control Owner attestation process.
- Take accountability for a portfolio of controls end-to end in a given year by facilitating the control testing, completing QA, and tracking remediation plans. Controls outside your portfolio may also be assigned as needed.
- Identify Control Owners and Testers for each control, provide training, facilitate the self-testing process via a defined schedule, and track status of testing progress. Follow the Aflac Inc. control self-testing procedures which address testing of control operating design and effectiveness.
- Provide first level quality assurance of the testing documentation, evidence, and other supporting material to confirm the test conclusion is properly supported. Confirm self-test was completed in accordance with procedure. Provide QA results to stakeholders to obtain agreement. Present and discuss any portions of the test and associated documentation that was not executed correctly, accurately, or completely.
- Collect remediation plans from Control Owners where control gaps have been identified, track progress of remediation, and determine when control is ready for re-test.
- As assigned, provide support to regional CAP teams (e.g. Japan CAP) regarding CAP processes. This is inclusive of second level quality assurance for control tests that has been through the first level QA process in other regional CAP teams.
- Provide recommendations for potentially streamlining/automating controls testing where feasible.
- Communicate to leadership the results of assurance testing and changes affecting the organization’s Information Security posture. Apply the organization’s risk tolerance and risk management approach in evaluating the security posture and escalate matters of significance.
- Align to global security strategies and plans to support the Cybersecurity Assurance Program.
What you need to have
Essential
- Bachelor's Degree in IT, Computer Science, Information Security, Cybersecurity, or a related field
- 5+ years information security experience.
- Knowledge and experience with Technology Risk Management concepts and controls.
- Knowledge of industry recognized security standards and hands-on experience with conducting operational control testing within the following areas:
- IT controls
- Security controls
- Third party risk management
- Business continuity/disaster recovery, and crisis management.
- Excellent verbal and written communication skills
- Strong attention to detail.
Desirable
- Knowledge of cloud computing technologies and security best practices
- Knowledge of regulatory requirements for protecting information assets (i.e. HIPAA, GLBA, SEC, and Sarbanes-Oxley, etc.)
- Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
- Bilingual in English and Japanese
Aflac Northern Ireland is an equal opportunities employer
