Who are we?
A strategic and trusted insurance partner, Berkshire Hathaway Specialty Insurance (BHSI), provides a broad range of commercial property, casualty and specialty insurance coverages and outstanding service to customers and brokers around the world. Part of Berkshire Hathaway’s insurance operations, we bring our solutions to market with our stellar brand name, top-rated balance sheet, and the expertise of our global team of professionals, who exude excellent capabilities and strong character.
We are a values-based organization where respect, integrity, excellence, collaboration, and passion define who we are and how we do business. We value diversity of backgrounds, experience, and perspectives and strive to foster an inclusive environment that enables all our team members to bring their best selves to work. We are one team committed to building a culture where every teammate has the opportunity to contribute and be recognized. Want to be part of the team building the finest property, casualty and specialty lines insurance company in the world?
Learn more about our unique culture and history.
Job Opportunity
Berkshire Hathaway Specialty Insurance (BHSI) has an exciting opportunity for a new team member to join our Boston-based IT Governance Risk Audit and Compliance (GRAC) team as a Senior IT Compliance Analyst. In this role, the Senior IT Compliance Analyst will take an active role in the execution of our IT audit and compliance framework, while collaborating closely with both internal and external partners. This position offers the chance to make a significant impact, working with external global regulators and collaborating with internal regional legal and compliance leaders from an enterprise-wide vantage point. If you're passionate about driving meaningful change, growing your career, and helping lead an evolving global IT audit and compliance program, we’re interested in speaking with you.
Duties & Responsibilities
- Lead the execution of IT audit/compliance activities and follow up with responsible parties regarding outstanding requests and/or questions.
- Maintain, organize, and store audit evidence in preparation for upcoming scheduled audits.
- Conduct audit readiness assessments (i.e., health checks) and assess the effectiveness of current controls and processes in place.
- Lead the development, implementation, and execution of additional internal IT audit/compliance activities.
- Coordinate with team members on the remediation status of identified audit gaps and ensure compensating controls are implemented.
- Review third-party service providers/vendors as part of IT due diligence, including assessing the vendor control environment, reviewing SOC reports (e.g., SOC 2 Type 2 reports), validating security certifications, identifying control gaps, and ensuring required remediation or compensating controls.
- Analyze and support compliance with global IT regulatory authorities (e.g., GDPR, CBI, DORA, MAS, APRA, BaFin) and coordinate with individuals to ensure controls are in place to meet requirements.
- Provide support to our offices from both a U.S. and global perspective (e.g., Asia, Middle East, UK, Europe, Australasia) regarding the fulfillment of external audit requests and obligations.
- Attend/participate in e-learning training sessions to increase background knowledge of the ever-evolving IT regulatory landscape.
- Support AI risk and governance oversight to ensure responsible and compliant use of AI technologies.
Qualifications, Skills And Experience
- 6+ years of experience working in an IT audit/compliance function with a general understanding (at minimum) of several of the IT audit/compliance topics listed below:
  - Active Directory, password standards, user access provisioning/deprovisioning, user access reviews, change management, batch jobs/backups, disaster recovery, service accounts, patch management, risk assessment.
- Software development and IT operations knowledge to assess the planning and ongoing maintenance of DevSecOps practices and Application security.
- Knowledge of cloud governance, cloud technology and cloud security is a plus.
- Solid background knowledge of US domestic IT regulations (e.g., SOX, CCPA, PCI, NY-DFS) is recommended.
- Familiarity with global regulatory frameworks (e.g., GDPR, CBI, DORA, MAS, APRA, BaFin) is preferred but not required.
- Ability to work in a team-based environment and communicate effectively and efficiently with others domestically and globally.
- Experience with GRC tools such as Workiva, AuditBoard, ServiceNow, Drata, Vanta, or similar platforms is a plus.
- AI experience is a plus, including an understanding of AI risks, responsible AI concepts, or emerging AI regulatory requirements.
- Professional certifications such as CRISC, CISA, CISM, CISSP, or ISO/IEC 27001 Lead Implementer/Lead Auditor (or equivalent) are a plus.
BHSI Offers
- A competitive package and exciting growth opportunities for career-oriented teammates.
- A dynamic, action-oriented, and thoughtful environment centered on always doing the right thing for our customers, teammates and our other stakeholders.
- A purposely non-bureaucratic organization that embraces simplicity over complexity and emphasizes individual excellence in a team framework.
- Benefits that support your life and well-being, which include:
  - Comprehensive Health, Dental and Vision benefits.
  - Disability Insurance (both short-term and long-term).
  - Life Insurance (for you and your family).
  - Accidental Death & Dismemberment Insurance (for you and your family).
  - Flexible Spending Accounts.
  - Health Reimbursement Account.
  - Employee Assistance Program.
  - Retirement Savings 401(k) Plan with Company Match.
  - Generous holiday and Paid Time Off.
  - Tuition Reimbursement.
  - Paid Parental Leave.
The base salary range for this position in Boston is $95,000.00 to $125,000.00, along with annual bonus eligibility. Total compensation for a candidate is determined by their relevant skills, location, and experience. We value our teammates – both their capabilities and character – as demonstrated by our amazing culture.
NOTE: Compensation will be commensurate with experience. This job description is not intended to be all-inclusive. Team Member may perform other related duties as negotiated to meet the ongoing needs of the organization.