Fraud and Information Security Analyst

About the position

The Fraud & Security Analyst is responsible for detecting and preventing fraudulent activity, monitoring system security, maintaining compliance with regulatory standards, and supporting both internal and external audits.

Responsibilities
• Monitor consumer, broker, or agent activity for suspicious patterns indicating potential fraud or misuse.
• Investigate fraud incidents and prepare detailed incident reports, including root-cause analysis and recommended remediation steps.
• Identify trends, anomalies, and potential risks by analyzing user behavior, system logs, and transactional data.
• Perform user access reviews and enforce least-privilege security principles across systems and applications.
• Participate in security incident response activities, including containment, evidence gathering, root-cause identification, and reporting.
• Conduct vulnerability assessments, track remediation efforts, and validate the installation of security patches.
• Maintain security policies, procedures, and standards to ensure consistent, compliant security operations.
• Prepare for and support internal and external audits, including federal audits and PCI DSS assessments, and internal security/compliance reviews.
• Maintain audit artifacts, control documentation, and evidence repositories to support annual/ongoing audit cycles.
• Document audit findings and track corrective action plans through completion; monitor remediation progress and validate effectiveness.
• Conduct periodic process and control reviews to ensure compliance with internal policies, regulatory requirements, and security standards.
• Support regulatory reporting and ensure timely submission of required audit deliverables and compliance documentation.
• Report key metrics to management
• Stay informed of industry best practices and information security frameworks
• Meet department attendance requirements, including being prompt and available during scheduled shift
• Performs other related duties and tasks as needed.

Requirements
• To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Knowledge of common security frameworks (ISO, NIST, etc.) and regulatory compliance (PCI, SOX, HIPAA, NYDFS, CCPA)
• Experience investigating fraud, security incidents, or compliance issues, including collecting evidence, documenting findings, and supporting remediation efforts.
• Working knowledge of log analysis, monitoring tools, and data analysis techniques to identify suspicious activity, anomalies, and potential security or fraud risks.
• Ability to document processes, controls, and findings clearly and accurately, including writing incident reports, audit evidence, and management-facing summaries.
• Strong analytical and critical-thinking skills, with the ability to assess risk, prioritize issues, and recommend practical, risk-based solutions.
• Understanding of access control concepts and least-privilege principles, including user access reviews, role-based access, and account lifecycle management.

Benefits
• You are also eligible for employee benefits medical, dental, vision, life, and participation in the company 401(k) plan.

Apply tot his job

Apply To this Job

Ready to Apply?

Don't miss out on this amazing opportunity!