Reports To: Business Information Security Officer
Department: Information Technology
Location/Schedule: Hybrid (Chicago IL, Tampa, FL)
Classification: Full-Time/Exempt
Who We Are:
Old Republic is a leading specialty insurer that operates diverse property & casualty, as well as title insurance companies. Founded in 1923 and a member of the Fortune 500, we are a leader in underwriting and risk management services for business partners across the United States and Canada. Our specialized operating companies are experts in their fields, enabling us to provide tailored solutions that set us apart.
Position Overview:
The Security Analyst supports the Business Information Security Officer (BISO) program by driving security and compliance initiatives across Operating Centers. This role ensures alignment with enterprise policies, regulatory requirements, and industry standards while collaborating with technical and business teams.
Key Responsibilities:
- Fulfill tasks across assigned cybersecurity disciplines.
- Assist in risk assessments, application security reviews, and control evaluations to support enterprise security and compliance objectives.
- Support GRC service delivery, documentation, and vendor risk management.
- Support customer security inquiries and vendor risk management activities, including risk communication and remediation tracking.
- Ability to evaluate threats, vulnerabilities, and business impact.
- Ability to manage job functions proactively with maximum efficiency and results.
- Assist in the coordination of internal and external audits, including evidence collection and issue tracking.
- Develop risk metrics and dashboards to monitor control effectiveness.
- Familiarity with security concepts, (data security, app security, identity management, access controls, network security, etc.)
- Help maintain security controls (e.g., anti-phishing, email filtering, DLP).
- Strong organizational skills and attention to detail.
- Use security tools and platforms to help internal customers solve problems and work securely, with oversight and guidance.
Qualifications:
- Bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field. Equivalent practical experience will be considered with 5 years of experience in Cybersecurity, GRC, or IT operations roles.
- Knowledge of cybersecurity concepts and at least one delivery discipline (e.g., endpoint protection, identity management, vulnerability remediation, data security, app security, or GRC).
- Ability to work under moderate supervision and take direction from senior team members.
- Basic understanding of regulatory frameworks such as SOX, HIPAA, GDPR, PIPEDA, OSFI, NYDFS, or NIST CSF.
- Familiarity with GRC platforms and tooling.
- Strong communication and collaboration skills, with the ability to engage technical and non-technical stakeholders.
- Willingness to pursue relevant certifications (e.g., Security+, CGRC, CISA, CISSP).
- Experience supporting multiple technical teams.
- Exposure to secure application design principles or SDLC integration.
- Familiarity with audit coordination and evidence management processes.
- Hands-on experience with cybersecurity technologies or security platforms.
Professional certifications such as:
- CompTIA Security+
- Certified Governance, Risk, and Compliance (CGRC)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
ORI is an Equal Opportunity Employer. ORI provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training
