Salary range is:
$68,096.00 - $100,000.00
This position is bonus and/or commission eligible.
CCC Intelligent Solutions Inc. (CCC) is a leading cloud platform for the multi-trillion-dollar insurance economy , creating intelligent experiences for insurers, repairers, automakers, part suppliers, and more. At CCC, we’re making life just work by empowering more than 35,000 businesses with industry-leading technology to get drivers back on the road and to health quickly and seamlessly. We’re pushing boundaries with innovative AI solutions that simplify and enhance the claims and repair journey. Through purposeful innovation and the strength of its connections, CCC technologies empower the people and industry relied upon to keep lives moving forward when it matters most. Learn more about CCC at www.cccis.com .

REQUIREMENTS:

• BS in Computer Science, MIS, Cybersecurity, or similar. Alternatively, a minimum of 3 years of IT experience providing foundational technical knowledge.
• 2 years of experience in cybersecurity or a related discipline.
• Familiarity with regulatory requirements such as PCI, SOX, HIPAA, GDPR, and GLBA.
• Working knowledge of security frameworks including ISO and NIST.
• Excellent written and verbal communication skills, with the ability to convey complex security concepts to non-technical audiences.
• Solid understanding of incident response, system configuration, vulnerability management, and security hardening practices.
• Ability to perform critical thinking and operate by themselves without constant detailed instructions.

Certifications Preferred :

• Any security related certification. (CISSP, CISA and other)Certification to ITIL or ITSM related courses

THE ROLE

The Security Risk Analyst plays a critical role within the security team, responsible for identifying, analyzing, and managing security risks across the organization. This role requires a strong understanding of security governance processes and the technical knowledge necessary to assess vulnerabilities and quantify associated risks.
The analyst will support business decision-making by delivering quantitative risk assessments and documenting risk acceptance/rejection and mitigation strategies. This position contributes to the overall security strategy by enabling informed, risk-based decisions that align with governance frameworks while supporting business agility.
Additionally, the analyst will assist in maintaining and updating governance documentation, leveraging knowledge of regulatory requirements (e.g., HIPAA, PCI DSS, SOX, Privacy) and security frameworks (e.g., ISO, NIST) to ensure policies and standards remain current and effective.

KEY RESPONSIBILITIES:

• Conduct enterprise-wide, continuous risk assessments in collaboration with compliance and security teams.
• Manage the risk lifecycle, including identification, validation, documentation, and tracking within the GRC platform.
• Support internal and external audit and compliance initiatives by providing timely and accurate responses to inquiries.
• Identify and assess risks related to privacy, security, business continuity, and regulatory compliance.
• Recommend and document security improvements that balance risk mitigation with operational efficiency and innovation.
• Participate in third-party risk assessments to ensure appropriate safeguards are in place.
• Analyze risk findings and report on program gaps and areas for improvement.
• Define and track qualitative and quantitative metrics to evaluate the effectiveness of the security program.
• Maintain and update the library of governance documents, including policies, standards, and guidelines.
• Collaborate with security, audit, and risk leadership to conduct ongoing program assessments and support strategic planning and budgeting.
• Respond to ad-hoc security-related inquiries from employees across the organization.Design new security related process and document them in a process/procedure document. Make Continuous Service Improvements (CSI) to streamline all process on regular basis.