Information Security Analyst

Third Party Risk, Onsite-Hybrid

Posted on 10/18/2023

INACTIVE

10,001+ employees

Title insurance & professional settlement services

Company Overview

First American is on a mission to provide comprehensive title insurance protection and professional closing/settlement services that produce clear property titles and enable the efficient transfer of real estate.

Data & Analytics

Real Estate

Company Stage

N/A

Total Funding

N/A

Founded

1889

Headquarters

Santa Ana, California

Growth & Insights

Headcount

6 month growth

↑ 4%

1 year growth

↑ 6%

2 year growth

↑ 6%

Locations

Orange, CA, USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Management

CategoriesNew

IT & Security

Requirements

Must have working knowledge of compliance regulations (GLBA, FFIEC, GDPR, CCPA, SOX, HIPPA, OCC), and Information Security governance standards and control frameworks; strong analysis, independent decision making skills and ability to work effectively with all levels of the organization
Generally requires a BS Degree in Computer Science, Information Technology, or equivalent work experience
Must have minimum 3 years information security experience
Must have 2+ years of experience performing third-party information security risk assessments or audits
Experience in defining third-party risk management strategy and implementing frameworks
Experience in developing audit and risk assessment reports
Experience in managing vendor relationships
Certification: CTPRP, CTPRA, or CISSP preferred
Pay Range: $69,900- $116,490 annual
This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location
#LI-BL1

Responsibilities

Responsible for performing information security and business continuity risk assessments on third-party service providers (vendors) and monitoring and reporting on the remediation of deficiencies
Completes comprehensive information security risk assessments on potential and existing third-party service provider relationships
Evaluates third-party service provider engagements to asses, identify, and articulate areas of risk
Act as a liaison between business owners and third-party service providers to complete risk assessment activities and to establish and track acceptable risk mitigation actions
Participates in identifying process requirements and for specific business needs
Creates and generates reports; researches and analyzes data and reports trends to management/ business partners
Keeps abreast of industry and third-party risk security management practices and advancements and incorporates that knowledge into daily work activities
Coordinates, monitors or otherwise performs periodic vendor performance reviews for adherence to contractual SLAs
Identifies/receives problem, researches alternatives, prepares presentations, drives resolutions, gains consensus, and implements solutions for defined business processes
Under general supervision, oversees a small to medium scale projects or phases of a larger project
Maintains strict confidentiality in all matters dealing with information security matters deemed confidential by management

Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for eight consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

What You’ll Do:

Responsible for performing information security and business continuity risk assessments on third-party service providers (vendors) and monitoring and reporting on the remediation of deficiencies.

Completes comprehensive information security risk assessments on potential and existing third-party service provider relationships.

Evaluates third-party service provider engagements to asses, identify, and articulate areas of risk.

Act as a liaison between business owners and third-party service providers to complete risk assessment activities and to establish and track acceptable risk mitigation actions.

Participates in identifying process requirements and for specific business needs.

Creates and generates reports; researches and analyzes data and reports trends to management/ business partners.

Keeps abreast of industry and third-party risk security management practices and advancements and incorporates that knowledge into daily work activities.

Coordinates, monitors or otherwise performs periodic vendor performance reviews for adherence to contractual SLAs.

Identifies/receives problem, researches alternatives, prepares presentations, drives resolutions, gains consensus, and implements solutions for defined business processes.

Under general supervision, oversees a small to medium scale projects or phases of a larger project.

Maintains strict confidentiality in all matters dealing with information security matters deemed confidential by management.

What You’ll Bring:

Must have working knowledge of compliance regulations (GLBA, FFIEC, GDPR, CCPA, SOX, HIPPA, OCC), and Information Security governance standards and control frameworks; strong analysis, independent decision making skills and ability to work effectively with all levels of the organization.

Generally requires a BS Degree in Computer Science, Information Technology, or equivalent work experience.

Must have minimum 3 years information security experience.

Must have 2+ years of experience performing third-party information security risk assessments or audits.

Experience in defining third-party risk management strategy and implementing frameworks.

Experience in developing audit and risk assessment reports.

Experience in managing vendor relationships.

Certification: CTPRP, CTPRA, or CISSP preferred

Pay Range: $69,900- $116,490 annual

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

#LI-BL1

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.