IT Info Security Specialist
Date: May 9, 2025
Location: Erie, PA, US, 16530
Company: Erie Insurance
Division or Field Office: Office of the CIO
Department of Position: Enterprise Info Security Dept
Work from: Corporate Office, Erie PA
Salary Range: $77,638.00 - $124,019.00 * salary range is for this level and may vary based on actual level of role hired for
*This range represents a national range and the actual salary will depend on several factors including the scope and complexity of the role and the skills, education, training, credentials, location, and experience of an applicant, as well as level of role for which the successful candidate is hired. Position may be eligible for an annual bonus payment.
At Erie Insurance, you’re not just part of a Fortune 500 company; you’re also a valued member of a diverse and inclusive team that includes more than 6,000 employees and over 13,000 independent agencies. Our employees work in the Home Office complex located in Erie, PA, and in our Field Offices that span 12 states and the District of Columbia.
Benefits That Go Beyond The Basics
We strive to be Above all in Service® to our customers—and to our employees. That’s why Erie Insurance offers you an exceptional benefits package, including:
- Premier health, prescription, dental, and vision benefits for you and your dependents. Coverage begins your first day of work.
- Low contributions to medical and prescription premiums. We currently pay up to 97% of employees’ monthly premium costs.
- Pension. We are one of only 13 Fortune 500 companies to offer a traditional pension plan. Full-time employees are vested after five years of service.
- 401(k) with up to 4% contribution match. The 401(k) is offered in addition to the pension.
- Paid time off. Paid vacation, personal days, sick days, bereavement days and parental leave.
- Career development. Including a tuition reimbursement program for higher education and industry designations.
Additional benefits that include company-paid basic life insurance; short- and long-term disability insurance; orthodontic coverage for children and adults; adoption assistance; fertility and infertility coverage; well-being programs; paid volunteer hours for service to your community; and dollar-for-dollar matching of your charitable gifts each year.
Position Summary
Working independently or as part of a team, contributes to the planning, implementation, and management of the Information Security program to safeguard ERIE’s digital assets. Implements and maintains security systems and procedures to govern, identify, protect, detect, respond to, and recover from cybersecurity risks, threats, vulnerabilities, and incidents. Completes and may lead assignments of moderate complexity within the Information Security portfolio with minimal guidance. Performs duties in one or more of the following Information Security disciplines, including but not limited to: Application Security (AppSec); Cloud Security (CloudSec); Governance, Risk Management & Compliance (GRC); Identity & Access Management (IAM); Security Operations (SecOps), or Vulnerability Management.
What Will You Do:
This opportunity is for a Senior or Professional IT Analyst on the Information Security Vulnerability Management Team. The Vulnerability Management analyst will be responsible for identifying, continuously monitoring, and verifying remediation of vulnerabilities in internal and external applications, endpoints, databases, networking, and mobile and cloud services. They will lead efforts to govern Vulnerability Management by informing, advising, and collaborating with technology leadership, application and asset owners, and business units in areas such as patch management, security protocol currency, and vulnerability management regulatory compliance.
Preferred Experience & Skills based on level:
• Knowledge of security vulnerability and patch management processes.
• Experience conducting vulnerability scans, coordinating vulnerability remediation or similar activities.
• Knowledge of network security architecture and infrastructure concepts.
• Knowledge of network traffic flows and protocols.
• Understanding of Windows and other operating systems, endpoint applications, networking protocols, and devices.
• Experience in analytic problem-solving and performing impact/risk assessments.
• Effective communication and presentation skills. Strong influencing and negotiation skills.
What Makes You Stand Out:
• Knowledge of one or more compliance standards, such as the NIST Cybersecurity Framework (NIST CSF) or the New York Department of Financial Services Part 500 Cybersecurity Regulation.
• Proficiency with ServiceNow and Information Technology Infrastructure Library (ITIL).
Duties and Responsibilities
- Installs, configures, administers, and analyzes information security technologies, controls, and practices that maintain the confidentiality, integrity, and availability of ERIE's information systems and data assets.
- Continuously detects, logs, monitors, alerts, and reports on information security controls, exceptions, vulnerabilities, threats, risks, and incidents. Executes actions to protect assets and detect vulnerabilities or threats. Executes actions to respond to and recover from vulnerabilities or threats.
- Develops and manages relationships with diverse groups of stakeholders at multiple levels. Partners and aligns with cross-functional risk assurance, IT, and business teams across the enterprise to implement, align, and ensure compliance with security measures.
- Establishes and ensures that security measures are in line with industry standards, best practices, and regulations. Measures and improves the operating rhythm of Information Security as well as the risk posture of ERIE. Advances Information Security controls through maturity assessments, continuous process and automation improvements, appropriate policies/standards/procedures, and capability development.
- Develops and presents reports, metrics, dashboards, and evidence to stakeholders across the enterprise up to and including leadership and corporate officers. Provides support to end-users on security-related issues. Effectively communicates to and influences stakeholders through oral and written communications.
- Provides discipline-specific knowledge in support of security awareness and outreach to ensure that information security best practices are understood and followed enterprise wide.
- Remains current on industry best practices, standards, frameworks, regulations, and emerging security threats through research, training, and participation in industry associations. Makes recommendations for improving the company's security posture. Shares recommendations, knowledge, and relevant content to inform, mentor, or train others.
The first seven duties listed are the functions identified as essential to the job. Essential functions are those job duties that must be performed for the job to be accomplished.
This position description in no way states or implies that these are the only duties to be performed by the incumbent. Employees are required to follow any other job-related instruction and to perform any other duties as requested by their supervisor, or as become clear.
Capabilities
- Collaborates
- Cultivates Innovation
- Customer Focus
- Decision Quality
- Ensures Accountability
- Instills Trust
- Nimble Learning
- Optimizes Work Processes (IC)
- Self-Development
- Values Diversity
Qualifications
Minimum Education and Experience Requirements
- Bachelor’s degree in relevant field (e.g., IT, MIS, Cyber Security, Risk Management) and 2 years of related experience; or
- Associate degree in relevant field and 4 years of related experience; or
- High School diploma or equivalent and 6 years of related experience, required.
- Completion of a relevant IT-career preparation program approved by ERIE’s Human Resources and IT Talent Optimization Departments if unrelated degree and/or less experience.
- Relevant certifications and/or military training/service may be considered for equivalent education/experience.
Additional Experience
- Foundational knowledge and skill associated with at least one Information Security discipline and in at least one IT domain (analysis, engineering, system administration), required.
- Experience with IT delivery or operational methodologies (agile delivery, SDLC, ITIL), preferred.
- Critical thinking skills and analytical mindset required.
- Persuasive communication and interpersonal skills, and ability to convey technical concepts to non-technical stakeholders, required.
- Ability to participate in on-call rotations and work outside of regular business hours to support cyber event and incident handling may be required.
Physical Requirements
- Ability to move over 50 lbs using lifting aid equipment; Rarely
- Climbing/accessing heights; Rarely
- Driving; Occasional (<20%)
- Lifting/Moving 0-20 lbs; Occasional (<20%)
- Lifting/Moving 20-50 lbs; Rarely
- Manual Keying/Data Entry/inputting information/computer use; Frequent (50-80%)
- Pushing/Pulling/moving objects, equipment with wheels; Rarely
Nearest Major Market: Erie