Key skills
CloudCyber SecurityLeadershipRisk ManagementCommunicationTime Management
About this role
Role Overview
- Evaluate the impact of security and information protection legal and regulatory requirements affecting Aflac and maintain documented assessments/remediation tracking
- Assist with operationalizing security and information protection legal and regulatory requirements affecting Aflac by providing guidance on the creation and revision of security practices that include cybersecurity best practices and compliance with all applicable regulations and other frameworks, such as: NYDFS, GLBA, HIPAA, PCI, SEC, CCPA, GDPR, FSA, SOX, NIST, etc.
- Remain current with security and information protection legislation, standards, best practices, and industry trends affecting Aflac business practices and customer expectations
- Proactively collaborate with the business, technology, and functional teams to communicate new or changing regulations that affect cybersecurity requirements
- Support Global Security leadership with changes to security and information protection legal and regulatory requirements by documenting feedback during comment periods
- Assist with the maintenance of processes, KRIs and metric reporting, tools, and systems leveraged to identify, assess, measure, and monitor technology regulatory compliance and cybersecurity risk across Aflac
- Maintain and improve the Governance and Compliance team’s metrics showing compliance effectiveness, exception remediation progress, risk trends, and audit findings
- Provide guidance to key stakeholders as needed regarding documentation, evidence, and other supporting material that should be maintained to demonstrate that processes are designed and operating effectively
- Produce presentations, reporting, and other content that will be used to communicate with leadership and other key stakeholders (e.g., employees, producers) about legal/regulatory updates, annual attestation results, and other changes affecting the organization's Information security posture
- Performs other duties as required
Requirements
- Excellent verbal and written communication skills with the ability to understand and communicate complex information security, risk management, and legal/regulatory compliance concepts
- Experience applying and assessing industry-recognized security standards and regulatory frameworks for areas such as Information Security, Physical Security, Business Continuity, Disaster Recovery, Crisis Management, and IT (e.g., Asset Management, Configuration Management, Vulnerability Patching)
- Technology Risk Management concepts and control
- Managing to legal/regulatory requirements for protecting information assets
- Global technology organizational concepts
- Principles and methods of all information security disciplines
- Knowledge of and in-depth experience in the ability to apply state, federal, and international information security and information protection laws and regulations such as, but not limited to: NYDFS, GLBA, HIPAA, SEC, GDPR, CCPA, FSA, and financial integrity under Sarbanes-Oxley, etc.
- Knowledge of and in-depth experience in the ability to apply industry-recognized security standards such as NIST, PCI, etc.
- Knowledge of cloud computing technologies and security best practices
- Encompasses professional maturity to work independently and work collaboratively in teams
- Strong multi-tasking and time management capability
- Detail oriented, structured and organized
Tech Stack
- Cloud
- Cyber Security
Benefits
- medical, dental, and vision coverage
- prescription drug coverage
- health care flexible spending
- dependent care flexible spending
- Aflac supplemental policies (Accident, Cancer, Critical Illness and Hospital Indemnity offered at no costs to employee)
- 401(k) plans
- annual bonuses
- opportunity to purchase company stock
- 11 paid holidays
- up to 20 days PTO to be used for any reason
- state-mandated sick leave (Washington employees accrue 1-hour sick leave for every 40 hours worked)
- other leaves of absence, if eligible