Aflac

Global Sec Assurance Consult (Remote, US, 31999)

19h ago

No Phone Required, $108k - $135k, Other, United States, himalayas
Information-Security, Cybersecurity, Risk-Management, Security-Assurance, GRC, Senior

Job Description

Salary Range: $108,000 - $135,000
Job Posting End Date: 4/13/26

We’ve Got You Under Our Wing

We are the duck. We develop and empower our people, cultivate relationships, give back to our community, and celebrate every success along the way. We do it all…The Aflac Way.

Aflac, a Fortune 500 company, is an industry leader in voluntary insurance products that pay cash directly to policyholders and one of America's best-known brands. Aflac has been recognized as Fortune’s 50 Best Workplaces for Diversity and as one of World’s Most Ethical Companies by Ethisphere.com. Our business is about being there for people in need. So, ask yourself, are you the duck? If so, there’s a home, and a flourishing career for you at Aflac.

Work Designation. Depending on your location within the continental US, this role may be hybrid or remote. If you live within 50 miles of the Aflac offices located in Columbus, GA or Columbia, SC, this role will be hybrid. This means you will be expected to work in the office for at least 60% of the work week. You will work from your home (within the continental US) for the remaining portion of the work week. Details of this schedule will be discussed with your leadership. If you live more than 50 miles from the Aflac offices located in Columbus, GA or Columbia, SC, this role will be remote. This means you will be expected to work from your home, within the continental US. If the role is remote, there may be occasions that you are requested to come to the office based on business need. Any requests to come to the office would be communicated with you in advance.

What does it take to be successful at Aflac?
- Acting with Integrity
- Communicating Effectively
- Pursuing Self-Development
- Serving Customers
- Supporting Change
- Supporting Organizational Goals
- Working with Diverse Populations

What does it take to be successful in this role?
- Excellent verbal and written communication skills with strong attention to detail.
- Proficient in Japanese when directly supporting the Japan CAP team.
- Experience applying and assessing industry-recognized security standards for Information Security, Physical Security, Business Continuity, Disaster Recovery, Crisis Management, and IT (Asset Management, Configuration Management, Vulnerability Patching)
- Knowledge and experience in the following:
  - Technology Risk Management concepts and control
  - Managing to regulatory requirements for protecting information assets
  - Global technology organizational concepts
  - Principles and methods of all information security disciplines
- Knowledge of regulatory protective requirements of personal private information (i.e. FSA, FISC, HIPAA, GLBA, SEC, NYDFS, and financial integrity under Sarbanes-Oxley, etc.)
- Knowledge of and in-depth experience in the ability to apply industry-recognized security standards
- Knowledge of cloud computing technologies and security best practices

Education & Experience Required
- Bachelor’s Degree in Computer Science, Information Security, Cybersecurity, business administration or a related field
- Five or more years of information technology security experience
- Or an equivalent combination of education and experience

Education & Experience Preferred
- Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)

Principal Duties & Responsibilities
- Maintain the cybersecurity control library composed of entity, global and regional controls aligned against the NIST Cybersecurity Framework and utilizing NIST 800-53 controls as a basis and share ideas for control enhancements and maturity opportunities
- Maintain the associated control requirements and meta data for the controls as well as the control mapping to laws, regulations, and industry standards
- Perform quality review of requests for control requirement changes to ensure proper rigor is consistently in place across all regions
- Assist with conducting the annual enterprise risk assessment, including maintaining mapping to the controls
- Assist with facilitating the annual Control Owner attestation process in alignment with CAP's procedures
- Maintain the control self-testing guidelines which define guidance for Control Owners to perform testing of control design and operating effectiveness
- Provide guidance to Control Owner as needed regarding testing documentation, evidence, and other supporting material that can be leveraged by the Control Owner to ensure their test conclusion is properly supported for test of design and operation effectiveness
- As assigned, provide support to regional CAP teams (e.g. Japan CAP) regarding CAP processes
- Collect remediation plans from Control Owners where control gaps have been identified, and proactively track progress of remediation
- Assist with facilitation of independent maturity assessments of the Global Security program against the NIST Cybersecurity framework via the oversight of an independent assessment conducted by a third party
- Identify integration points into enterpr