Security Vulnerability Management Analyst

ABOUT US
At HUB International we are a team of entrepreneurs. We believe in protecting and supporting the aspirations of individuals families and businesses. We help our clients evaluate their risks and develop solutions tailored to their needs. We believe in empowering our employees to learn grow and make a difference. Our structure enables our teams to maintain their own unique regional culture while leveraging support and resources from our corporate centers of excellence.

HUB is the 5th largest global insurance and employee benefits broker providing a boundaryless array of business insurance employee benefits risk services personal insurance retirement and private wealth management products and services. With over $5 billion in revenue and almost 20000 employees in 600 offices throughout North America HUB has grown substantially in part due to our industry leading success in mergers and acquisitions.

More about HUB:

In a rapidly changing world HUB advises businesses and individuals on how to prepare for the unexpected. As one of the worlds largest insurance brokers our focus is dedicated to providing our customers with the peace of mind that what matters most will be protected through unrelenting advocacy and tailored insurance solutions that put our clients in control. Our growing team of professionals across North America represents a broad deep and oneofa kind aggregation of entrepreneurs and leaders recognized for their excellence throughout the insurance community.

About the Position

Reporting to the Security Portfolio Manager the Security Analyst is responsible for contributing to the development maintenance and implementation of the Vulnerability Management program at HUB International.

The Security Analyst functions as a member of the Security Architecture team and interacts with technical and business units to identify assess and solution information security solutions. The Security Analyst will focus on the continuous improvement of the Vulnerability Management program. The Security Analyst will as requested provide support for area metrics and information gathering for security program delivery. This role requires strong teamwork collaboration and leadership skills with the ability to foster and maintain business relationships with all areas of HUB.

Responsibilities:

• Utilize centralized tooling to detect and identify risk in devices programs and networks
• Evaluate potential risk and analyze vulnerability scan data
• Support the administration of Security Architecture tooling
• Partnering with technical and business units to identify solutions to remediate and mitigate risk. Further providing support to these teams until risk is resolved
• Assist in improving processes identify efficiencies and recommend solution enhancements to improve service level delivery
• Support the HUB Information Security Governance & Compliance team as needed during risk assessments internal and external Information Security Audits and Vendor reviews
• Gather and report on key organizational information security metrics
• Engage in review and continuous improvement of the Vulnerability Management program with the Security Architecture team
• Other duties as assigned

Requirements:

• Bachelors degree in discipline appropriate to assignment or an equivalent combination of education and experience
• At least 2 years experience in an Information Security role or 3 years experience in an IT or Systems analyst capacity with progressively difficult responsibilities
• Understanding of IT General Security Controls and OWASP application security designs
• Basic understanding of Threat modeling and Security Architecture principles
• Basic understanding of cloud infrastructure and security controls design
• Basic understanding of Identity and Access Management principles
• Understanding of industry security standards guidelines and regulatory/compliance requirements related to information security such as ISO 27001 NIST 80053 SOC2 PCI SOX etc
• Ability to evaluate business processes IT technology identify security risks process gaps and evaluate IT controls
• Organizational skills to prioritize risks and actions using a riskbased approach
• Solid analytical and problemsolving skills; ability to think strategically and drive decision making
• Excellent communication (both written and verbal) & interpersonal skills
• Ability to balance priorities and deliverables across multiple workstreams
• High flexibility including willingness to travel up to 10 of working time
• Related certifications (e.g. CISA CASP SANS GCCC preferred
• Experience with vulnerability management platforms

Although hybrid to a local HUB office is desirable we are open to remote candidates.

JOIN OUR TEAM
Do you believe in the power of innovation collaboration and transformationDo you thrive in a supportive and client focused work environmentAre you looking for an opportunity to help build and drive change in a rapidly growing and evolving organizationWhen you join HUB International you will be part of a community of learners and doers focused on our Core Values: entrepreneurship teamwork integrity accountability and service.

Disclosure required under applicable law in California Colorado Illinois Maryland Minnesota New York New Jersey and Washington states: The expected salary range for this position is $85000 to $120000and will be impacted by factors such as the successful candidates skills experience and working location as well as the specific positions business line scope and level. If you believe that your qualifications and experience surpass the minimum requirements for this role we encourage you to submit your application. By doing so we will be able to keep your application on file for consideration for potential future positions within our organization. HUB International is proud to offer comprehensive benefit and total compensation packages which could include health/dental/vision/life/disability insurance FSA HSA and 401(k) accounts paidtimeoff benefits such as vacation sick and personal days and eligible bonuses equity and commissions for some positions.