Sr Risk Management Analyst

About Coterie Applications Inc. 
Through a partnership-based approach, Coterie helps insurance professionals unlock untapped revenue in the small commercial space. With an innovative quoting platform that delivers accurate pricing and bindable quotes in less than one minute, Coterie makes small business insurance effortless.  

We are on a mission to build and foster a world-class team to bring speed, simplicity, and service to commercial insurance. We value integrity, humility, passion, and intelligence. If you want to push yourself, promote social good, and reshape a $200B+ market, we’re excited to talk to you!


What will the Sr Risk Management Analyst do?

Coterie is hiring for a Senior Information Security Analyst to help design, build, operationalize, and mature capabilities within the information security program. In this role, you will pair with our Chief Information Security Officer and other members of the Coterie team to assess the current state, recommend security capabilities based on the NIST Cybersecurity Framework, work with teams throughout Coterie to implement those capabilities, map capabilities to controls, and then track those controls to ensure they are operating effectively, automating that collection whenever possible. You will also be key in designing and building a robust, risk-based Third Party Security program. If you are passionate about information security and want the ability to influence and build a risk-based information security program, this is the right role for you!

  • Passionate about Risk-Based Cybersecurity programs and enabling the business to operate in a secure and compliant manner.
  • Execute risk assessments including scoping, threat and risk scenario identification, and all aspects of the risk assessment process. Identify areas of opportunity to reduce residual risk to a level consistent with risk appetite and collaborate with CISO and other security team members to build out the security capability road map.
  • Consult on projects and make security control recommendations and assist teams in control design, implementation and tracking.
  • Support Service Organization Control (SOC 2, SOC 1) program through evidence gathering, testing, and coordination with auditors and stakeholders.
  • Strong desire to drive efficiencies, make risk-based decisions, implement automation, and recommend and track meaningful KPIs and KRIs.
  • Development and administration of Coterie’s Information Security Program documents including policies, standards and controls library.
  • Work collaboratively and help build a strong cybersecurity team.

What we are looking for: 

  • Passion for Information Security and Risk Management.
  • 3+ years of experience in Information Security and/or Risk and Compliance.
  • Experience in identifying risk, and then designing and implementing security capabilities to address those risks.
  • Experience in designing controls (capabilities) and measures to determine if controls are operating effectively.
  • Experience with security frameworks such as the NIST Cybersecurity Framework.
  • Strong written and verbal communication skills including the ability to translate technical topics to non-technical audiences.
  • Ability to prioritize and manage various project and operational deliverables.
  • Willing to be flexible to support the team as needed.

What will make you stand out: 

  • Experience managing security projects including timelines and deliverables.
  • Experience with compliance regulations (examples include PCI, HIPAA, NY DFS Regulation 500, NAIC model laws, privacy).
  • Experience with an Integrated Risk Management technology (also known as a GRC platform).
  • Experience working within or building a third party risk management program.
  • Certifications such as CISSP, GIAC certifications, Security+ or other related/relevant certifications.

Our interview process: 

Our hiring process generally consists of 4 phases. The goal is to provide an opportunity for us to learn more about our candidates while allowing them to get to know us as well!

  • Phase 1: Qualified candidates will first meet with a member of our People Operations team for a phone interview.  This discussion is a high-level conversation to understand more about your background and interests and for us to share more about Coterie and the position.
  • Phase 2: Selected candidates will be invited to participate in our PDP survey and meet with our Hiring Manager for a 2nd interview via Teams video. This interview is designed to be more detail-oriented, allows you to learn more about the role, and is expected to be 45 minutes in length.
  • Phase 3: Top candidates will be invited to participate in an experiential exercise interview. This will include a project provided in advance. The 1-hour interview will be conducted with our hiring manager and CISO.
  • Phase 4: Final candidates will receive an invite to our final interview series. This series will include 1:1 interviews with additional team members. The final series is roughly 1-1.5 hours in total.

What's in it for you? 

Coterie has excellent benefits for all full-time employees. We offer the following:

  • 100% remote.
  • Health insurance through Aetna (we pay 100% of premiums).
  • Dental and vision insurance through Guardian (we pay 100% of premiums).
  • Basic life insurance (we pay 100% of premiums).
  • Access to flexible spending account (FSA) or health savings account (HSA) (for those using HSA eligible plans).
  • 401K plan (up to 4% match with immediate vest).
  • Flexible PTO and company paid holidays.
  • Continuing education stipend.
  • A culture with a deep belief in intentionality, inclusion, and treating you like the professional you are.
  • The salary range for this position is estimated between 95,000-115,000 based on national data. Candidates who meet all the minimum requirements and possess additional relevant experience, as outlined in the job description, may be considered for a salary above the midpoint of the specified salary range.  Salary is based on internal equity; internal salary ranges; market data/ranges; applicant’s skills; prior relevant experience; degrees or certifications, etc. 


Security

Remote (United States)
