
Associate Analyst, IT Security & Governance, GRC at Allied World Assurance Company Holdings, Ltd

Allied World Assurance Company Holdings, Ltd · Farmington, United States Of America · Onsite

$80,000.00  -  $80,000.00


Job Title: Associate Analyst, IT Security & Governance, GRC 

Location:  Farmington, CT 

Reporting Structure: 
Reports to: AVP, Enterprise and Cyber Governance Lead 
Partnership: Collaborates closely with Cyber, Infrastructure and Application Management teams 

 

Take the next step in your career with us. 

 

Allied World is an ideal place for talented professionals who are driven by a belief in the value of collaboration and the power of knowledge. 

 

We believe that when our great people work together and support one another, our clients receive the best solutions. We embrace unique perspectives and empower each person to grow through professional development, career training, and mentoring programs. 

 

Our people are our most important asset, and we are very proud of the quality of our team members. 

 

Position Summary:  

The Governance Analyst will be responsible for monitoring and ensuring compliance with policies that align with internal frameworks and external regulatory requirements. This role requires strong knowledge of cybersecurity and enterprise frameworks (e.g., NIST, COBIT, CIS) and the ability to translate complex regulatory requirements into clear, actionable policies. The ideal candidate will collaborate with cross-functional teams to ensure policies drive compliance, governance maturity, and operational resilience. A strong understanding of organizational processes and compliance requirements is key for this role.

 

Key Responsibilities: 

1. Control Assessment: 
• Conduct regular control assessments to identify and evaluate potential non-compliance with applicable frameworks.
• Utilize frameworks like NIST 2.0, CIS Version 8, etc. as the basis for control reporting.
• Proactively identify policy and program improvement areas from the control assessments for the improvement of organizational maturity levels.

 

2. Control Reporting: 
• Ensure periodic testing and reporting of the operational and design effectiveness of IT controls.
• Ensure reports are clear, concise, and actionable, providing insights into potential impact and recommended mitigation strategies. 
 

3. Policy Compliance: 
• Collaborate with relevant stakeholders to monitor compliance (through automated and manual tests) with IT governance policies and procedures.
• Ensure implemented processes and controls align with industry best practices and regulatory requirements. 
 

4. Compliance and Framework Integration: 
• Ensure the organization’s IT governance practices and control implementations comply with relevant frameworks, including:
  • NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework): Focus on identifying, protecting, detecting, responding, and recovering from cybersecurity threats.
  • CIS Version 8 (Center for Internet Security): Implement critical security controls to defend against prevalent cyber threats.
  • Other control frameworks as applicable.
 

5. Automation: 
• Demonstrate a strong inclination to automate control validation processes to minimize manual effort.
• Ensure constant efforts to adopt automation mechanisms for control validation and process improvement.
 

6. Training and Awareness: 
• Develop and conduct training programs to raise awareness of IT governance and cyber risk management across the organization. 
• Ensure that all employees understand their roles in maintaining security and compliance. 
 

7. Continuous Improvement: 
• Regularly review and update IT governance practices to reflect changes in the threat landscape and business environment. 
• Foster a culture of continuous improvement and proactive risk management. 
 


 

Professional Experience / Qualifications 

 

1. Education and Experience: 
• Bachelor's degree in Cybersecurity, Information Technology, Business Administration, or a related field. 
• 3+ years of experience in governance, risk, and compliance (GRC) or a related role with a focus on policy development. 
 

2. Technical Knowledge: 
• Strong understanding of cybersecurity and enterprise frameworks (e.g., NIST CSF, COBIT, CIS, ISO 27001). 
• Familiarity with regulatory requirements and standards such as DORA, GDPR, NIS2, or other relevant industry-specific regulations. 
• Knowledge of operational and cyber resilience principles. 
 

3. Skills and Competencies: 
• Proven ability to write clear, concise, and actionable policies tailored to both technical and non-technical audiences. 
• Strong analytical skills to interpret regulatory requirements and framework controls. 
• Excellent verbal and written communication skills. 
• Ability to collaborate with cross-functional teams and stakeholders. 
• Proficiency in governance, risk, and compliance (GRC) tools is a plus. 
 

4. Certifications (Preferred but not required): 
• Certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified in Governance of Enterprise IT (CGEIT). 
 

5. Personal Attributes: 
• Detail-oriented with a commitment to accuracy and quality. 
• Proactive and adaptable in responding to evolving regulatory landscapes. 
• Strong organizational skills with the ability to manage multiple priorities. 
• A collaborative mindset and willingness to engage with diverse teams. 

 

Allied World Assurance Company Holdings, Ltd, through its subsidiaries, is a global provider of insurance and reinsurance solutions. We operate under the brand Allied World and have supported clients, cedents and trading partners with thoughtful service and meaningful coverages since 2001. We are a subsidiary of Fairfax Financial Holdings Limited and benefit from a strong capital base and a worldwide network of affiliated entities that allow us to think and respond in non-traditional ways. 

Our generous benefits package includes: Health, Dental and Disability Insurance, a company match 401k plan, and Group Term Life Insurance. Allied World is an Equal Opportunity Employer. All qualified applicants will be considered for employment without consideration of any disability, veteran status or any other characteristic protected by law. 

To learn more, visit awac.com, or follow us on Facebook at facebook.com/alliedworld and LinkedIn at linkedin.com/company/allied-world. 
