The role

We are currently hiring for a crucial role within Aflac’s Global Cybersecurity Assurance Program. The successful candidate will be an experienced information security control tester with technical skills rooted in a broad spectrum of disciplines including Information Security, IT, Business Continuity/Disaster Recovery, and Crisis Management.

The Cybersecurity Assurance Specialist will maintain the library of security controls, facilitate control self-testing, train testers, perform QA of the self-testing results, and work with Control Owners to obtain and track remediation plans until completion. Output from this program is provided to Senior Management and reported at Board level.

We are looking for someone who is comfortable in both a technical leadership and practitioner capacity, working closely with the Control Owners to set a clear direction for the control while also keeping hands on with the control self-testing process.

The Team

The Cyber Assurance Program is an award-winning program that has been built by Aflac, a Fortune 500 company, to measure the effectiveness and maturity of our Global Security Program, with the aim to discover “unknown” gaps in the US & Japanese security operations. The team has built a library of 137 controls, developed against the NIST Cybersecurity Framework and then a testing process which is laid out to mimic attributes of SOX testing that provide a higher level of assurance. This role will be the first based in Northern Ireland and as scope and complexity of operations grow, more will follow.

At Aflac NI, we are building a diverse, multi-function Cyber Security Team to support our Global Security Program protecting our customers in the US & Japan. Over the next 3 years, the Aflac NI Security Team will grow to over 40 and take ownership of key components of the security program. We are integrating with the Global Security Team to strengthen existing functions and build new capabilities.

This is an opportunity to join the team in its early growth stages and play a key role in shaping the team and building the reputation within Aflac and the local Security Community.

What you’ll be doing

• Build and maintain the cybersecurity control library composed of global and regional controls aligned against the NIST Cybersecurity Framework and utilizing NIST 800-53 controls as a basis.
• Establish and maintain the associated test scripts and metadata for the controls.
• Perform quality review of requests for test script changes to ensure proper rigor is consistently in place across all regions.
• Assist with conducting the annual inherent risk assessment and facilitate the annual Control Owner attestation process.
• Follow the control self-testing procedures which address testing of control operating design and effectiveness. Identify Control Owners and Testers for each control, provide training, facilitate the self-testing process via a defined schedule, and track status of testing progress.
• Provide first level quality assurance of the testing documentation, evidence, and other supporting material to confirm the test conclusion is properly supported. Confirm self-test was completed in accordance with procedure
• As assigned, provide support to regional CAP teams (e.g. Japan CAP) regarding CAP processes. This is inclusive of second level quality assurance for control tests that has been through the first level QA process in other regional CAP teams.
• Provide QA results to stakeholders to obtain agreement. Present and discuss any portions of the test and associated documentation that was not executed correctly, accurately, or completely.
• Collect remediation plans from Control Owners where control gaps have been identified, track progress of remediation, and determine when control is ready for re-test.
• Provide recommendations for control enhancements and identify testing automation opportunities.
• Communicate to leadership the results of assurance testing and changes affecting the organization’s Information Security posture. Apply the organization’s risk tolerance and risk management approach in evaluating the security posture and escalate matters of significance.
• Assist in developing global security strategies and plans to support the Cybersecurity Assurance Program.

What you need to have (don't worry if you don't have it all) 

• Bachelor's Degree in IT, Computer Science, Information Security, Cybersecurity, or a related field
• 3+ years information technology security experience.
• Knowledge and experience with Technology Risk Management concepts and controls.
• Knowledge of industry recognized security standards and hands-on experience  conducting operational control testing to within the following areas: IT controls, Security controls, Third party risk management, Business continuity/disaster recovery, and crisis management.
• Excellent verbal and written communication skills with strong attention to detail.

Desirable

• Knowledge of cloud computing technologies and security best practices
• Knowledge of regulatory requirements for protecting information assets (i.e. HIPAA, GLBA, SEC, and Sarbanes-Oxley, etc.)
• Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
• Bilingual in English and Japanese. 

Aflac Northern Ireland is an equal opportunities employer