Sr. Information Security Analyst

Boston, MA
Technology – Security
Simply Business is more than our name. It's how we approach small business insurance: Make it clear. Make it simple. Make it affordable. Founded in 2005 (with our first international office in Boston launched in 2016), Simply Business is an online business insurance brokerage that specializes in one thing: protecting the businesses that entrepreneurs have worked hard to build.

Through blending a combination of technology, data, and insurance knowledge - with 10 years of expertise in the UK in how to build great products for our customers - we are looking to simplify the insurance-buying process for all small businesses across the US.

Right now we’re at the start of that journey. We need people who are looking for a challenge and have the drive and ambition to challenge the boundaries in whatever exciting project they believe in. We believe that people work more productively and imaginatively when they are free from rigid hierarchy and structures and we’re creating a colorful and collaborative environment to help support you in meeting your ambitions.

If you’re smart, passionate about delivering brilliant customer experiences across an integrated online and offline user journey, and enjoy solving complex challenges then you should apply to join our team.

We need a Sr. Information Security Analyst to join us  in Boston.

Reporting to the VP Technology, you will exercise a great deal of autonomy to assist the business in managing their information risks.

As a Sr. Information Security Analyst, you will:

    • Address security issues as an enabler, not a blocker
    • Deliver security services in an agile / lean environment
    • Articulate the “why” of what you do to both technical and non-technical people
    • Contribute to establishing a security culture throughout the business

Responsibilities include:

    • Develop and manage our risk & compliance system, working with the wider business to assist in managing their information risks
    • Advise on the creation, implementation and revision of security policies, regularly presenting issues and recommendations
    • Support vendor and third party supplier assessments
    • Support security incident management processes and remediation
    • Manage security awareness across the organization
    • Implementation and operation of Threat and Vulnerability management, ensuring that emerging weaknesses and risks are analyzed and mitigated in a timely manner

What we are looking for:

    • Experience establishing and maintaining risk management practices
    • Experience writing and implementing security policies, procedures & guidelines
    • Good understanding of Data Protection and how InfoSec supports privacy
    • Good understanding of IT Security practices
    • Preferably  an understanding of GRC, ISMS, GDPR, PCI, ISO 27001
    • Understanding of ISMS, how it is implemented and maintained.
    • Familiarity with Threat Modelling and how to apply it to risk management
    • Familiarity with Information Security Maturity models, e.g. C2M2
    • Familiarity with New York Cyber Security regulations

What are the benefits?
Working in our Boston Office, you will have the chance to shape a business from the very beginning, and an opportunity to develop and learn new skills across various technology and business areas as you desire.
Plus there’s all the serious (but important) stuff we call "core benefits".
The ‘core’ stuff
Some of these will kick in once you’re confirmed in post, but here’s the summary:
• A salary that reflects your experience, our pay policy and the market we’re in from your first day
• Group plan for medical, dental, and prescription drug coverage
• Short term disability, long term disability and life insurance coverage
• Participation in the Company’s bonus program
• Participation in 401(k) plan with a 3% employer match
• Commuter benefits to help cut down on commuting costs
• 25 days of vacation time plus 10 company holidays
• Flexible working hours and working from home
But there’s so much more to Simply Business than insurance. We also commit to flexible working options, smart working (our offices are kitted out for you to work when and how you choose)and we have a handy online form to put in any training or conference requests.
Best of all, though, are the groups, clubs, and adventures that come with the Simply Business territory. We trek the Sahara for charity, take you on weekends away, throw epic summer parties, meet up for book groups, public speaking coaching and lots, lots more
It’s a big claim but we genuinely believe the Simply Business culture is truly unique. You sort of have to come and spend time with us to appreciate it. So get that application in and we’ll take it from there!
Our values
Everything we do comes down to these five values – empowerment, authenticity, simplicity, learning and pioneering.
In practice, these will mean something unique to every  person at Simply Business, but if you’re considering working here, give them some thought. They’re at the heart of our story.
We believe in our people and the positive impact they can have so we enable everyone to stretch themselves
We celebrate diversity, avoid jargon and genuinely care about helping small businesses thrive
We attempt to simplify complex solutions to save our customers time and effort
We’re never done learning about new possibilities and act to explore them
We’re obsessed with finding new ways to create even better experiences