Fraud and Information Security Analyst

About the position

The Fraud & Security Analyst is responsible for detecting and preventing fraudulent activity, monitoring system security, maintaining compliance with regulatory standards, and supporting both internal and external audits.

Responsibilities
• Monitor consumer, broker, or agent activity for suspicious patterns indicating potential fraud or misuse.
• Investigate fraud incidents and prepare detailed incident reports, including root-cause analysis and recommended remediation steps.
• Identify trends, anomalies, and potential risks by analyzing user behavior, system logs, and transactional data.
• Perform user access reviews and enforce least-privilege security principles across systems and applications.
• Participate in security incident response activities, including containment, evidence gathering, root-cause identification, and reporting.
• Conduct vulnerability assessments, track remediation efforts, and validate the installation of security patches.
• Maintain security policies, procedures, and standards to ensure consistent, compliant security operations.
• Prepare for and support internal and external audits, including federal audits and PCI DSS assessments, and internal security/compliance reviews.
• Maintain audit artifacts, control documentation, and evidence repositories to support annual/ongoing audit cycles.
• Document audit findings and track corrective action plans through completion; monitor remediation progress and validate effectiveness.
• Conduct periodic process and control reviews to ensure compliance with internal policies, regulatory requirements, and security standards.
• Support regulatory reporting and ensure timely submission of required audit deliverables and compliance documentation.
• Report key metrics to management
• Stay informed of industry best practices and information security frameworks
• Meet department attendance requirements, including being prompt and available during scheduled shift
• Performs other related duties and tasks as needed.

Requirements
• To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Knowledge of common security frameworks (ISO, NIST, etc.) and regulatory compliance (PCI, SOX, HIPAA, NYDFS, CCPA)
• Experience investigating fraud, security incidents, or compliance issues, including collecting evidence, documenting findings, and supporting remediation efforts.
• Working knowledge of log analysis, monitoring tools, and data analysis techniques to identify suspicious activity, anomalies, and potential security or fraud risks.
• Ability to document processes, controls, and findings clearly and accurately, including writing incident reports, audit evidence, and management-facing summaries.
• Strong analytical and critical-thinking skills, with the ability to assess risk, prioritize issues, and recommend practical, risk-based solutions.
• Understanding of access control concepts and least-privilege principles, including user access reviews, role-based access, and account lifecycle management.

Benefits
• You are also eligible for employee benefits medical, dental, vision, life, and participation in the company 401(k) plan.

Apply tot his job

Apply To this Job