Senior Associate, IT Controls

Fortitude Reinsurance Company Ltd. (Fortitude Re) is one of the world’s leading providers of legacy reinsurance solutions. They work with the world’s leading insurance companies to help them execute comprehensive, transformational solutions for legacy Life & Annuity and P&C lines. Fortitude Re manages a general account of approximately $55 billion across life, annuity, and property & casualty insurance products. The company takes a long-term view on growth and is proud to be backed by a consortium of sophisticated institutional investors led by The Carlyle Group and T&D Insurance Group. Incorporated under the laws of Bermuda on January 1, 2017, Fortitude Re’s roots in the insurance industry and the experience of their leadership go back many decades. Fortitude Re’s leadership team has an average industry tenure of over 20 years, and an impressive track record of successfully managing the most complex legacy liabilities. Their deep insurance experience and proprietary risk modeling capabilities allow them to structure bespoke transactions that benefit both insurance companies and their policyholders. Fortitude Re continues to strengthen its ability to pursue further growth and provide innovative solutions for the global insurance industry.   Click here for more information about Fortitude Re.

As a Senior Associate, you’ll work as a part of the Cybersecurity team to help identify control gaps, plan & track remediation efforts, follow-up with various teams across the company, perform first line of defense testing, support internal and external IT audit engagements, support special projects as needed, and maintain compliance with SOX, SOC1, SOC2, as well as other Cyber related compliance frameworks.  This role will be based in our Nashville, TN office and can work on a hybrid schedule.

What You Will Do:

• Obtain relevant documentation and evidence to support control design and operating effectiveness
• Perform first line of defense testing over infrastructure and application controls around technology, information security, compliance, and operational processes
• Resolve multi-faceted problems by continuously applying independent judgment and by collaborating with others
• Reassess immature or deficient controls to determine if the root cause has been corrected and material risks mitigated
• Demonstrate flexibility and adaptability to manage multiple projects and stakeholder relationships congruently and with autonomy
• Navigate a matrixed organization 

What You Will Have: 

• Bachelors Degree
• Minimum Years of Experience: 2 to 4 years progressive professional roles involving IT security, IT controls auditing, or consulting
• Certification(s) Required: (one or more of the following) CISA, CISM, CRISC, CISSP, CCSP
• Thorough knowledge of security domains such as Security and Risk Management, Asset Security, Cloud Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security; and Security, IT, and risk management frameworks, standards, and guidelines (e.g., NIST, COBIT, ISO 2700x)
• Knowledge of IT audit methodologies and testing. Experience with SOX, SOC1, and SOC2 testing

The base salary range for this role is $100,000-$120,000 and will be commensurate with candidate experience. Pay ranges for candidates may differ based on the cost of labor in that location. In addition to base salary, all employees are eligible for an annual bonus based on company and individual performance as well as a generous benefits package.