Senior Analyst Cyber Risk & Control Monitoring

Senior Analyst - Cyber Risk & Control Monitoring Position Summary Do you want to be part of a collaborative Cybersecurity Governance team? Are you a problem solver who enjoys diving into security risk, translating complex technical concepts for business partners, and driving meaningful risk reduction across the enterprise? As a Senior Analyst, Cybersecurity Continuous Control Monitoring (CCM), you will contribute to an enterprise-wide program that provides ongoing assurance that key cybersecurity and technology controls are operating effectively. You will translate control requirements into measurable tests and monitoring, partner with control owners to investigate control failures, and drive remediation through to closure. You will continuously seek out opportunities to improve controls including through automation and AI. You may also help to proactively identify risks and gaps and design controls to address them working in collaboration with process owners, risk and internal audit subject matter experts. This role strengthens audit and regulatory readiness by producing timely, accurate, and repeatable evidence and reporting that supports risk-based decision-making. You are Passionate about improving control effectiveness through measurable, repeatable monitoring and testing Driven to simplify ambiguity, establish operational cadence, and deliver outcomes without constant direction Detail-oriented with a strong quality bar for evidence, documentation, and data integrity Organized and flexible in managing multiple control domains, stakeholders, and deadlines An excellent communicator who can explain control expectations, test results, and remediation requirements in business-relevant terms Collaborative and comfortable influencing control owners, engineers, and leaders to drive timely risk reduction Analytical, with the ability to interpret logs, reports, and datasets to identify trends and control breakdowns Required qualifications Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a related field (or equivalent experience) 5+ years of experience in information security, technology risk, control testing/assurance, audit, or GRC Hands-on experience coordinating audits/assessments (internal audit, external audit, or customer assurance), including evidence collection and narrative responses Experience managing risk/issue registers and driving remediation tracking (owners, due dates, evidence of closure, and risk acceptance) Strong written and verbal communication skills, including the ability to produce executive-ready summaries and action-oriented reporting Preferred qualifications Experience designing and executing control tests (design and operating effectiveness) and documenting test procedures/results Strong understanding of control frameworks and regulatory expectations (e.g., NIST

CSF/800-53, MAR, SOC

2, NYDFS, etc.) Experience building dashboards/metrics and presenting control health trends, key risks, and recommended actions Experience working with public cloud platforms (AWS, Azure, GCP) and validating control evidence (e.g., IAM, logging, encryption, configuration baselines) Familiarity with CCM/monitoring tooling and data sources Relevant certifications (e.g., CISSP, CISA, CRISC, Security+, CCSP) or demonstrated progress toward one You will: Continuous Control Monitoring Contribute to the implementation and day-to-day operation of the continuous control monitoring (CCM) program, including control scope, design, improvement, and monitoring cadence, thresholds, and escalation paths Monitor control health metrics and risk indicators (KPIs/KRIs) to proactively detect control degradation and configuration drift Partner with control owners to validate control performance, investigate exceptions, and document root cause and corrective actions Leverage automation and tooling to enhance near-real-time visibility into control health (automated evidence collection, alerting, dashboards, and repeatable test scripts/queries) Maintain a control inventory and control-to-evidence mapping aligned to internal policy and external frameworks; ensure controls have clear owners, descriptions, and measurable success criteria Develop and maintain control test procedures (what is tested, data sources, sampling/coverage, frequency, and pass/fail criteria) and ensure results are reproducible and audit-ready Validate data quality (completeness, timeliness, and accuracy) for CCM feeds and document assumptions, limitations, and compensating checks Audit Coordination & Management Serve as liaison for internal audit, external audit, and third-party assessments Coordinate audit requests, evidence collection, and stakeholder responses across teams Ensure consistency, quality, and timeliness of audit deliverables Track audit and assessment findings, ensuring appropriate documentation and closure Reporting & Governance Contribute to governance forums by providing insights on risk posture and control maturity Partner with: Security Engineering & Operations Enterprise Risk Management Internal Audit Privacy & Legal Reporting Relationships As our Senior Analyst, Cybersecurity Continuous Control Monitoring, you will report to our Head of Cybersecurity Governance. Location Three days a week at our Guardian office in

New York, NY or Bethlehem, PA Salary Range:

$95,170.00 - $156,355.00 The salary range reflected above is a good faith estimate of base pay for the primary location of the position. The salary for this position ultimately will be determined based on the education, experience, knowledge, and abilities of the successful candidate. In addition to salary, this role may also be eligible for annual, sales, or other incentive compensation. Our Promise At Guardian, you'll have the support and flexibility to achieve your professional and personal goals. Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards. Inspire Well-Being As part of Guardian's Purpose - to inspire well-being - we are committed to offering contemporary, supportive, flexible, and inclusive benefits and resources to our colleagues. Explore our company benefits at www.guardianlife.com/careers/corporate/benefits. Benefits apply to full-time eligible employees. Interns are not eligible for most Company benefits. Equal Employment Opportunity Guardian is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, race, color, creed, religion, sex, affectional or sexual orientation, national origin, ancestry, marital status, disability, military or veteran status, or any other classification protected by applicable law. Accommodations Guardian is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. Guardian also provides reasonable accommodations to qualified job applicants (and employees) to accommodate the individual's known limitations related to pregnancy, childbirth, or related medical conditions, unless doing so would create an undue hardship. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact MyHR@glic.com.

Please note:

this resource is for accommodation requests only. For all other inquires related to your application and careers at Guardian, refer to the Guardian Careers site. Visa Sponsorship Guardian is not currently or in the foreseeable future sponsoring employment visas. In order to be a successful applicant. you must be legally authorized to work in the United States, without the need for employer sponsorship. Notice Regarding Guardian's Use of Artificial Intelligence in Recruitment As part of Guardian's job application process, Guardian may use artificial intelligence tools ("AI Tools") to automate the sorting and filtering of information provided by applicants as part of its preliminary screening. This preliminary screening may be used to help identify applicant materials and resumes relative to their indication that the applicant meets the requirements for the specific job for which they are applying, as specified in the listing posted on Guardian's jobs website (Careers at Guardian at https://www.guardianlife.com/careers). At Guardian, we do not use AI Tools to substantially assist or replace human judgment or discretionary decision making in our hiring process. All hiring decisions will be made by Guardian colleagues. Please be aware that if you apply for a specific position with Guardian, you will have the choice of opting out of Guardian's use of AI Tools during the job application process. If you would like to request an alternative process that does not utilize AI Tools or would like to request a reasonable accommodation, within ten business days of your position application, you must email your request to MyHR@glic.com, making sure to provide your name and job requisition identification number. Guardian will retain your applicant materials and resume and all information therefrom in accordance with Guardian's document retention policy, a copy of which you may request via MyHR@glic.com. Additionally, at applicable times, Guardian will make public the most recent bias audit results for such AI tools, which may be found here.

Current Guardian Colleagues:

Please apply through the internal Jobs Hub in Workday. Every day, Guardian helps our 29 million customers realize their dreams through a range of insurance and financial products and services. Our Purpose, to inspire well-being, guides our dedication to the colleagues, consumers, and communities we serve. We know that people count, and we go above and beyond to prepare them for the life they want to live, focusing on their overall well-being — mind, body, and wallet. As one of the largest mutual insurance companies, we put our customers first. Behind every bright future is a GuardianTM. Learn more about Guardian at guardianlife.com.

Visa Sponsorship:

Guardian Life is not currently or in the foreseeable future sponsoring employment visas. In order to be a successful applicant, you must be legally authorized to work in the United States, without the need for employer sponsorship.