Aegon Asset Management Lead Information System Security Analyst - GRC - Policy & Standards in Denver, Colorado
Job Family: Risk Management - General
Job Description Summary
Global Technology Services (GTS) partners with the Aegon businesses to provide global IT standards and governance, global IT procurement services, and IT infrastructure, application and cloud support services. Securing information at Aegon is managed through the Information Security function. The mission of the Aegon Information Security function is to protect the information assets of Aegon and its customers. This is accomplished:
• through a comprehensive and layered set of capabilities (people, technology, and processes)
• using risk based, efficient, and agile approaches
• which are aligned to the business strategy and One AEGON
• enabling all businesses to effectively control information security risks.
Information Security focuses on preventing IT-based crime, hacking, intentional or inadvertent modification, disclosure, or destruction to an organization's information systems and IT assets and intellectual property. At Aegon, information security is achieved through the implementation of sets of controls, selected through prescribed risk management processes and managed using the Information Security Management System (ISMS), including policies, processes, procedures, organizational structures, software and hardware to protect the identified information assets.
Lead or Supervisor Information System Security Analyst – Governance, Risk & Compliance
The Lead or Supervisor Information System Security Analyst - Information Security Governance, Risk, & Compliance (GRC) provides generalized and specialized information security and control internal services. The services may be specific to information security or general computer controls supporting any business unit within Aegon.
In addition, assists with defined tasks in support of the overall Information Security Program, such as Risk Analysis, Control Design within Applications and Services, Evaluation of Control Effectiveness, and Staff Awareness, Education and Training.
This position is focused on global delivery providing centralized services and supporting global program build-out.
Job Description
On a day to day basis, this position will perform responsibilities such as some or all of the following straightforward information security initiatives:
This position may supervise a small staff, providing daily technical direction and guidance on career development.
Define and provide generalized (e.g., general computer controls) and specialized (e.g., security architecture) IT risk and control services
Support the design and implementation of IT controls across businesses
Enable and manage technology supporting IT governance, risk, control and compliance issues
Maintain oversight of information security assurance activities
Engage with key stakeholders to manage, maintain, assess and monitor the risk and control framework and provide timely reporting to relevant stakeholders
Work in a role on a global team including regular communications with individuals in different business units and different countries
Lead monitoring and evaluation of the effectiveness of the enterprise’s cybersecurity safeguards to help ensure that they provide the intended level of protection.
Lead information security risk assessments.
Lead control assessments of the security environment.
Perform and document results of application security risk assessments.
Lead security reviews, identify gaps in security architecture, and develop a security risk management plan.
Lead the verification that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Validate implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
Lead the determination of whether gaps in security design or controls exist and provide recommendations for remediation or mitigating controls.
Lead in the development or modification of the computer environment cybersecurity program plans and requirements.
Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
Document associated risks.
Conduct risk analysis whenever an application or system undergoes a major change.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Lead Risk Governance process to provide security risks, mitigations, and input on other technical risk.
Provide security input into exception management processes.
Verify and update security documentation reflecting the application/system security design features.
Lead the preparation, distribution, and maintenance of plans, instructions, guidance, and standard operating procedures.
Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information.
Help ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
Participate in the policy standards implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
Recommend policy/standard updates and coordinate review and approval.
Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
Help ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
Help ensure that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
Assist in the development of security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
Lead necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Support the verification that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
Work with technology and process delivery teams to ensure that information security is correctly considered and implemented as part of the business as usual delivery of solutions, services and processes.
Be a point of reference for stakeholders throughout Aegon on information security delivery across the organization, supporting local security and technology teams.
Lead the definition and facilitation of global information security awareness and training activities, including role-focused additional trainings.
Provide consulting and support services for on-going Phishing campaigns.
8+ years of relevant experience
Bachelor’s degree in IT, system security, engineering or relevant field.
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
Skill in creating policies that reflect system security objectives.
Excellent communication skills in writing and communicating information in a clear, concise manner.
Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
Knowledge of Risk Management Framework (RMF) requirements.
Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise.
High level of understanding of the concepts and issues related to cyber and its organizational impact.
Knowledge of Personally Identifiable Information (PII) data security standards.
Project Management skills
Ability to mentor junior associates
CISSP or CISM recommended
Financial Services experience
At Aegon we promote a Future Fit mindset. What is a Future Fit mindset?
Acting as One fosters an environment of positive collaboration
Accountability allows us to own the problem as well as the solution
Agility inspires new ideas, innovation and challenges the status quo
Customer Centricity encourages an above average and beyond approach to our customers
Normal office environment
Global support may require some non-traditional hours for meetings
Expected Starting Salary Range: TBD
*This position is also eligible for an incentive bonus
€64.085,5 – €106.809.36 - €117.,490,32
US Salary Guidelines:
*Please note that the compensation information that follows is a good faith estimate for this position only and is provided pursuant to the Colorado Equal Pay for Equal Work Act and Equal Pay Transparency Rules. It is estimated based on what a successful Colorado applicant might be paid. It assumes that the successful candidate will be in Colorado or perform the position from Colorado. Similar positions located outside of Colorado will not necessarily receive the same compensation. *
The Salary for this position generally ranges between $99,750 - $164,850, with an Expected Starting Salary Range of $105,840 - $145,530. This range is an estimate, based on potential employee qualifications, operational needs and other considerations permitted by law. The range may vary above and below the stated amounts, as permitted by Colorado Equal Pay Transparency Rule 4.1.2.
This position is also typically eligible for an Annual Bonus based on the Company Bonus Plan/Individual Performance and is at Company Discretion at a rate of 12.5%.
What You Receive:
A Comprehensive Wealth + Health package. It’s our passion to empower people, and especially our employees, to add years to their lives and more life to their years. That means a healthy account balance and a healthy body to match. As you’ll come to discover, Wealth + Health is a central part of everything we do!
Wealth Benefits; Competitive Pay, Bonus, and Benefits Package; Pension Plan, 401k Match, Employee Stock Purchase Plan, Tuition Reimbursement, Disability Insurance, Stock Purchase Plan, Employee Discounts, Career Training & Development Opportunities, Certification Sponsorship
Health and Work/Life Balance Benefits; Be Well Company sponsored holistic wellness program which includes Wellness Coaching and reward dollars, Parental Leave, Adoption Assistance, Employee Assistance Program, College Coach Program, Back-up Care Program, Paid Time Off to Volunteer, Employee Matching Gifts Program, Employee Resource Groups, Inclusion and Diversity Programs, Employee Recognition Program
Our commitment to inclusion & diversity means that we value differences. We encourage the unique perspectives of individuals and are dedicated to creating a respectful and inclusive work environment.
Why Work for Us
Total Rewards at Transamerica: It’s more than a paycheck.
Our comprehensive Total Rewards package is designed to help support you in many ways — throughout all stages of your life and career. We provide a competitive, market-driven program that encompasses base compensation, bonus potential, retirement, health and wellness benefits, learning and development opportunities, plus great employee perks. All designed with you in mind… to help you live your best life, grow personally and professionally - and feel valued for the work you do.
Learn more about our Total Rewards Package (https://www.transamerica.com/individual/about-us/careers/benefits/).
Equal Opportunity Employer:
Transamerica Life Insurance Company is an Equal Employment Opportunity employer and does not discriminate against any applicant or employee because of age, religion, sex, gender identity, genetic information, race, color, national origin, pregnancy, sexual orientation, marital status, participation in the uniformed services (e.g. U.S. Armed Forces, National Guard), physical or mental disability, or any other status protected by federal, state, or local equal employment opportunities laws.
Applicants with physical or mental disabilities may be entitled to a form of reasonable accommodation under the Americans with Disabilities Act and certain state and local laws. A reasonable accommodation is a change in the way things are normally done which will ensure equal employment opportunity without imposing undue hardship on the Transamerica Companies. Please contact: firstname.lastname@example.org if you are a job seeker with a disability, or are assisting someone with a disability, and require assistance to apply for one of our jobs.
Our Company is committed to providing accessibility to those with disabilities in a manner that is consistent with the principles of independence, dignity, integration and equality of opportunity, that is in compliance with the Accessibility for Ontarians with Disabilities Act 2005 ("AODA"). Please contact email@example.com if you are a job seeker with a disability, or are assisting someone with a disability, and require assistance to apply for one of our jobs.
If you experience technical problems during the application process, please email firstname.lastname@example.org.
At Transamerica, hard work, innovative thinking and personal accountability are qualities that we honor and reward. We understand the potential that is unleashed by leveraging the talents of a diverse workforce. We embrace an environment where employees enjoy a balance between their careers, families, communities and personal interests. Ultimately, we appreciate the uniqueness of a company where talented professionals work collaboratively in a positive environment focused on helping customers secure their long-term financial futures.
Transamerica is a part of AEGON, an international life insurance, pension, and asset management company. The AEGON companies employ approximately 28,000 people and have a strong presence in more than 20 countries across the globe. For more information, visit www.transamerica.com.