Senior Information Technology Security Analyst

As an Information Security Reviewer at Milliman, your primary responsibility is to review the security controls in place at global office locations to ensure implementation and identification of security threats within established timeframes. You will conduct reviews remotely or in-person, meeting with Practice leadership and IT resources, requesting compliance evidence, and preparing reports and recommendations. This role reports to the Information Security Manager in India. Key Responsibilities: - Utilize industry knowledge and technical expertise to address risks effectively. - Identify key risks and controls, optimize controls, and assess security configuration controls and business processes. - Apply understanding of Information Security Policy and applicable security standards. - Prepare assessment reports with actionable recommendations for IT support and senior management. - Ensure timely completion of tasks and escalate project risks to management. - Support aggregate risk reporting to CISO, CIO, and Audit Committee. - Assist in maintaining ISR templates, checklists, and reports. You will also support the US Governance, Risk, and Compliance (GRC) team by: - Reviewing contract terms and legal agreements. - Responding to client information security questionnaires. - Supporting various ad-hoc GRC projects. Qualifications Required: - 7+ years of experience in IT, information security, or IT/security audit roles. - Bachelor's degree in Computer Science or Cyber Security. - Excellent English verbal and written communication skills. - Experience with information security frameworks and standards like ISO 27001/2, NIST SP 800-53, HIPAA, HITRUST, GDPR, SOC 2, and COBIT. - Ability to interpret security data and identify compliance issues. - Strong technical knowledge of information systems and security areas. - Advanced skills in Microsoft Office applications. - Excellent project management skills. - Willingness to travel up to 20-25% annually in the Asia region. Additional Details: You should be willing to pursue professional growth opportunities, have experience with SDLC, cloud security controls, reviewing legal agreements, and working in insurance, finance, or professional services industries. Familiarity with Microsoft SharePoint administration, reporting, and automation tools is a plus. As an Information Security Reviewer at Milliman, your primary responsibility is to review the security controls in place at global office locations to ensure implementation and identification of security threats within established timeframes. You will conduct reviews remotely or in-person, meeting with Practice leadership and IT resources, requesting compliance evidence, and preparing reports and recommendations. This role reports to the Information Security Manager in India. Key Responsibilities: - Utilize industry knowledge and technical expertise to address risks effectively. - Identify key risks and controls, optimize controls, and assess security configuration controls and business processes. - Apply understanding of Information Security Policy and applicable security standards. - Prepare assessment reports with actionable recommendations for IT support and senior management. - Ensure timely completion of tasks and escalate project risks to management. - Support aggregate risk reporting to CISO, CIO, and Audit Committee. - Assist in maintaining ISR templates, checklists, and reports. You will also support the US Governance, Risk, and Compliance (GRC) team by: - Reviewing contract terms and legal agreements. - Responding to client information security questionnaires. - Supporting various ad-hoc GRC projects. Qualifications Required: - 7+ years of experience in IT, information security, or IT/security audit roles. - Bachelor's degree in Computer Science or Cyber Security. - Excellent English verbal and written communication skills. - Experience with information security frameworks and standards like ISO 27001/2, NIST SP 800-53, HIPAA, HITRUST, GDPR, SOC 2, and COBIT. - Ability to interpret security data and identify compliance issues. - Strong technical knowledge of information systems and security areas. - Advanced skills in Microsoft Office applications. - Excellent project management skills. - Willingness to travel up to 20-25% annually in the Asia region. Additional Details: You should be willing to pursue professional growth opportunities, have experience with SDLC, cloud security controls, reviewing legal agreements, and working in insurance, finance, or professional services industries. Familiarity with Microsoft SharePoint administration, reporting, and automation tools is a plus.