FBS Vendor Information Security Analyst

Capgemini
Full-time
Remote
Mexico
Security Operations & Analysis
Description

Our Client is one of the United States’ largest insurers, providing a wide range of insurance and financial services products with gross written premiums well over US$25 Billion (P&C). They proudly serve more than 10 million U.S. households with more than 19 million individual policies across all 50 states through the efforts of over 48,000 exclusive and independent agents and nearly 18,500 employees. Finally, our Client is part of one of the largest Insurance Groups in the world.

Area Summary

The EVRA team (External Vendor Risk Assessment), part of the FIS (Farmers Information Security) team, performs cybersecurity assessments of the company's vendors, suppliers, and third parties. We perform about 400 assessments a year and provide the business with recommendations based on a risk-based analysis of each supplier's respective security posture.

Main Activities

  • Focus on security reviews with vendors (100 a year, 8-10 open assessments approx.)
  • Perform 1/4 of the security assessments for the EVRA team:
  • Schedule and conduct kickoff calls with requesting business units to determine scope of each assessment.
  • Rate the risk level of each supplier engagement
  • Engage with the vendor representative over email (or over phone as needed). Send and receive security questionnaires, analyze security responses, review control evidence (SOC reports, pen tests, vulnerability scans, bug bounty reports, policy documents).
  • Gap analysis, remediation discussion, risk-based recommendations based on findings.
  • Drafting, editing, and publishing of assessment summary reports, peer review of other team members' summary reports.


Requirements
  • At least 3 years of experience in a similar role with vendor review management
  • Full English fluency in conversations
  • Bachelor's degree in Information Systems or related discipline preferred

Technical & Business Skills

  • Inquisitive profile, likes to question things, investigates
  • Excel - Intermediate (MUST): formulas, pivot tables, use of Excel in English
  • Office Suite - (1-3 Years)
  • Certifications such as CISSP, CISA, CISM, or CompTIA certifications (Desirable)
  • Familiarity with SOC 2 Type II (SSAE-18) format, reading penetration test reports, vulnerability scan reports (Desirable)
  • Some experience with coding, security, vulnerabilities, risk and compliance (Desirable)


Benefits

This position comes with a competitive compensation and benefits package:

  1. Competitive salary and performance-based bonuses
  2. Comprehensive benefits package
  3. Career development and training opportunities
  4. Flexible work arrangements (remote and/or office-based)
  5. Dynamic and inclusive work culture within a globally renowned group
  6. Private Health Insurance
  7. Pension Plan
  8. Paid Time Off
  9. Training & Development

About Capgemini

Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 340,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported €22.5 billion in revenues in 2023.