Senior Analyst Information Security and Technology Risk at Empower Annuity Insurance Company of America

Bengaluru, karnataka, India -

Full Time

Start Date

Immediate

Expiry Date

15 Aug, 26

Salary

0.0

Posted On

17 May, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Information Security, Technology Risk, GRC, KRI Development, ISO/IEC 27001, NIST CSF, COBIT, Risk Assessment, Third-Party Risk Management, ServiceNow IRM, AI Risk Management, Regulatory Compliance, Data Privacy, Executive Reporting, Policy Development, Audit Support

Industry

Financial Services

Description

Our vision for the future is based on the idea that transforming financial lives starts by giving our people the freedom to transform their own. We have a flexible work environment, and fluid career paths. We not only encourage but celebrate internal mobility. We also recognize the importance of purpose, well-being, and work-life balance. Within Empower and our communities, we work hard to create a welcoming and inclusive environment, and our associates dedicate thousands of hours to volunteering for causes that matter most to them. Chart your own path and grow your career while helping more customers achieve financial freedom. Empower Yourself. The Intelligence and Analytics (IA) Specialist is responsible for supporting the organization’s information security, technology risk, and governance programs. This role focuses on maintaining alignment with industry standards and regulatory expectations, design, enhancement, and reporting of key risk Indicators (KRIs), and identifying emerging and AI‑related risks. This role, as part of an extension of Global Information Security Office (GISO), will work closely with the global stakeholders on Information Security and Technology Risk themes to drive strategic value through data-driven risk insights and platform transformations ESSENTIAL FUNCTIONS: Define, track, and report Key Risk Indicators (KRIs) and security risk metrics, producing dashboards and management‑level reporting. Document and manage risks, controls, and issues using GRC tools such as ServiceNow IRM (good to have), supporting workflow efficiency and audit traceability. Experience in identifying, assessing, and monitoring emerging risks, including AI, automation, data privacy, and evolving threat landscapes, and providing risk‑based recommendations to stakeholders. Prepare and deliver clear, executive‑ready presentations, and effectively communicate security and risk concepts to both technical and non‑technical stakeholders. Develop, review, and maintain information security policies, standards, and procedures, ensuring alignment with regulatory expectations, industry frameworks, and internal risk appetite. Experience in managing the Information Security Management System (ISMS) aligned with ISO/IEC 27001, NIST Cybersecurity Framework (CSF), and COBIT, ensuring consistent application of controls and governance practices across the organization. Experience in performing information security, technology, and cyber risk assessments, including inherent and residual risk analysis, and evaluating risks associated with new technologies, cloud, and digital initiatives. Perform third‑party security risk assessments, review vendor security artifacts (e.g., SOC reports, certifications), and track remediation activities and risk acceptance decisions. Support regulatory compliance activities, internal and external audits, and management responses by ensuring risks, controls, and issues are well documented, traceable, and defensible. Education: College diploma or University degree in Computer Science or IT Management, or equivalent experience. EXPERIENCE: 5 - 8 years of experience in information security, cyber/technology risk, or GRC‑focused roles. Hands‑on experience with ISO/IEC 27001, NIST CSF, and COBIT frameworks. Experience performing risk assessments, policy and standards development, and third‑party risk management. Exposure to regulatory compliance environments and audit support activities. Risk reporting, analytics, or KRI development Exposure to ServiceNow IRM or similar GRC platforms (good to have) SKILLS/CHARACTERISTICS: Strong understanding of information security, technology risk, and emerging risk domains, including AI‑related risks Knowledge of GRC practices, control frameworks, and regulatory expectations Experience with GRC tools (e.g., ServiceNow IRM - good to have) Excellent analytical, documentation, and reporting skills Strong written, verbal, and presentation skills, with the ability to communicate effectively with senior management and cross‑functional teams Ability to translate technical security risks into clear business impact Individual contributor with strong analytical skills and a data-driven mindset We are an equal opportunity employer with a commitment to diversity. All individuals, regardless of personal characteristics, are encouraged to apply. All qualified applicants will receive consideration for employment without regard to age, race, color, national origin, ancestry, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, religion, physical or mental disability, military or veteran status, genetic information, or any other status protected by applicable state or local law. Want the latest money news and views shaping how we live, work and play? Stay in the know with The Currency and sign up for Empower’s free newsletter. Remote and Hybrid Positions For remote and hybrid positions you will be required to provide reliable high-speed internet with a wired connection as well as a place in your home to work with limited disruption. You must have reliable connectivity from an internet service provider that is fiber, cable or DSL internet. Other necessary computer equipment will be provided. You may be required to work in the office if you do not have an adequate homework environment and the required internet connection. Follow Empower Facebook, LinkedIn, X, Instagram, & Glassdoor

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities

The role is responsible for supporting information security, technology risk, and governance programs by defining and reporting Key Risk Indicators (KRIs). It involves managing risks and controls using GRC tools and identifying emerging risks, particularly those related to AI and automation.