American Family Insurance.

Information Security Compliance & Governance Analyst

American Family Insurance. - Madison, WI





At American Family Insurance, we’re driven by our customers and employees. That’s why we provide more than just a job – we provide opportunity. Whether you’re already part of our team in search of a new challenge or new to our company and ready for what’s next, you’re in the right place. Every dream is a journey that starts with a single step. Start your journey right here. Join our team. Bring your dreams.

Quick Stats:

Job ID:

R7297 Information Security Compliance & Governance Analyst (Open)


The Information Security Compliance and Governance Analyst works with management and team members on our Information Technology compliance model and programs, and monitors and reports on the company's information security compliance posture to aid in the defense against external threats and protect customer and enterprise data. Collaborates with Internal Controls, Internal Audit, Compliance, and other departments to communicate and monitor our security compliance model and programs. Collaborates with other members of the Security Compliance & Governance Unit and the Security Department, and has some knowledge in most primary accountabilities. Ensures adequate and effective security controls are documented and followed in support of compliance and data security requirements. Collaborates with other members of the Security Department to manage control oversight, testing, gap analysis, and remediation tracking. Helps to facilitate internal and external audits and audit report preparation for review by Security Management.


Specialized Knowledge and Skills Requirements

Demonstrated experience providing customer-driven solutions, support or service

Basic knowledge and understanding of how information security affects an organization and ability to link it to business processes.

Basic knowledge and understanding of audit standards, practices and control frameworks.

Basic knowledge and understanding of risk assessment and control methods.

Basic knowledge and understanding of end-user computing tools, hardware, application software, network, communications and mobile technologies.

Basic knowledge and understanding of information security policies, standards and processes.

Basic knowledge of electronic record retention policies and standards.

Additional Job Information:

Based on candidate qualifications, we are open to hiring at any level within the job family.

Offer to selected candidate is contingent on signing a non-disclosure agreement for proprietary information, trade secrets, and inventions

Our policy restricts consideration of applicants needing employment sponsorship (visas) to specialty occupations. Sponsorship will not be considered for this position

Offer to selected candidate will be made contingent on the results of applicable background checks

Relocation assistance is available

Job Description:

Primary Accountabilities

Electronic Discovery (40%)

Provides technical support for tools used to assess, collect and review data.

Provides technical support for eDiscovery workflow tools.

Executes the electronic discovery process in accordance with internally defined processes, including the identification, collection, preservation and release of evidence to support or refute the facts and allegations of investigations and litigation. Consults with internal and external counsel in addition to other impacted areas within the corporation.

Communicates with all levels of management as appropriate on status and resolution of electronic discovery requests.

Maintains awareness of electronic records retention trends, methods, solutions and standards.

Maintains awareness of emerging legislation regarding record retention and privacy.

Information Security Compliance (20%)

Reviews company standards for compliance to legal and regulatory requirements. Works with subject matter experts to maintain documentation; modifies or creates new security standards as needed.

Assists in monitoring compliance with security policies and standards across the organization.

Assists in documenting and tracking requests for variance from standards. Monitors risk mitigation processes and progress with the clients until variances are closed.

Is aware of processes and methods for addressing and/or acknowledging non-compliance to information security standards and communicates clearly to business areas.

Assists in reviewing contracts for new products or services impacting the technology environment to ensure alignment to company security standards.

Assists in developing and communicating guidelines for enterprise security practices

IT Internal Controls and Audit (20%)

Assists in the development and management of the overall IT internal controls strategy and plan on behalf of the I/S division. Partners with the corporate Internal Controls unit and Internal Audit to ensure alignment with the corporate internal controls strategy and plan.

Follows workflow to facilitate the effective and efficient monitoring, managing and reporting of internal controls operations.

Assists in developing risk control matrix and control test plans for testing direct and complementary internal controls in accordance with legal, regulatory and contractual requirements.

Assists in control testing and documents results. Works with process owners to develop mitigation actions and follows up to ensure remediation steps are taken to completion.

Identifies opportunities to continuously improve control effectiveness and efficiency and reduce the cost of controls.

Assists in coordinating the I/S response to internal and external audit and compliance requests.

Information Security Governance: Information Security Communications (10%)

Promotes the values and benefits of complying with security policies and standards.

Coordinates and conducts Information Security awareness events.

Assists in facilitating stakeholder discussions, coordinating the meetings, and leading discussions to appropriate definitions and consensus.

Assists in creating meaningful security content for web, email and other communication methods for the enterprise.

Collaborates with other Security Department units to build Security Awareness program appropriate to changing threats and trends.

Information Security Governance: Information Security Policies and Standards (5%)

Assists in developing and communicating security standards, procedures, processes, guidelines and policies. Helps ensure documentation is complete, up-to-date, and applicable to our environment. These may include user authentication rules, security auditing procedures, and use of firewalls.

Stays current with potential legal and regulatory requirements affecting information security and privacy.

Stays abreast of information security trends, methods, solutions, standards, and potential threats.

Reviews changes to standards set by organizations such as NIST and ISO for relevance to our environment, and provides recommendation for improvements to internally defined standards.

Assists in the development of the strategies roadmap to address identified information security risks.

Information Security Governance: Information Security Metrics (5%)

Helps to establish security metric baselines and generates reports reflecting current performance against those baselines.

Assists in measuring and tracking performance against established goals and expectations

Assists with narrative summary and analysis of the metrics: what the numbers mean, what changes in the technology or security environment may have impacted the numbers, and what can be changed to correct any deficiencies.

Proactively researches new threats or trends to determine risk to our environment.



At American Family Insurance, we know how hard our customers and employees work to achieve their dreams. That’s why, for nearly 90 years, we’ve made it our mission to protect those dreams. It’s all part of who we are and who we’ll always be – innovative, caring, agile, trustworthy, transparent and passionate. We’re a strong, forward-looking company and a proven leader in our industry. And if you’re looking to make a difference, we’re looking for you.



3 days 21 hours ago



Location: Madison, WI

Company Profile:
For more than 80 years, American Family Insurance has given its customers peace of mind by making their insurance experience easy and convenient. Our caring agents strive hard to meet customers' unique needs by offering just the right mix of American Family's auto, home, life*, umbrella, business, health, and farm & ranch insurance, as well as retirement* products. Located throughout our 19 operating states, American Family's independent contractor agents serve as local, expert and trusted advisors to our customers. They get to know you like family.