Cyber Risk Analyst

WestRock (NYSE: WRK) partners with our customers to provide differentiated paper and packaging solutions that help them win in the marketplace. WestRock’s 50,000 team members support customers around the world from more than 320 operating and business locations spanning North America, South America, Europe, Asia, and Australia. Learn more at www.westrock.com.

Our technology organization is transforming how we work at WestRock. We align with our businesses to deliver innovative solutions that:

• Address specific business challenges, integrate processes, and create great experiences
• Connect our work to shared goals that propel WestRock forward in the Digital Age
• Imagine how technology can advance the way we work by using disruptive technology

We are looking for forward thinking technologists that can accelerate our focus areas such as building stronger foundational technology capabilities, reducing complexity, employing digital transformation concepts, and leveraging disruptive technology.

Location and/or Business/Division Details (if applicable)

Cyber Risk Analyst – Northpark HQ, GA

Position Summary:

The opportunity:

The Cyber Risk Analyst (Analyst) role is focused on providing expert advice and effective oversight of information security and technology activities to identify, assess, control, and manage cyber risks throughout WestRock. This position plays a critical role in helping to ensure that WestRock is aware of the inherent and residual risks in activities and decisions, the impact of their actions at an enterprise and activity level, and opportunities to reduce, mitigate, or avoid the risks altogether. The Analyst will support other assigned IT Governance, Risk, and Compliance (GRC) initiatives.

How you will impact WestRock:

· Enhance the company cyber risk assessment program and partner with WestRock teams to identify, assess, monitor, and mitigate cyber risk exposure.

· Establish cyber risk baselines through business impact assessments, interviews, and artifact review.

· Support proactive assessments of controls to establish internal and external cyber risks and periodic self-assessments to reevaluate control strength.

· Conduct workshops and deliver final cyber risk assessment reports to executive stakeholders.

· Maintain risk register and drive remediation and prioritization based on risk appetite and various compliance requirements.

· Leverage ServiceNow GRC to lead the issue management and resolution efforts.

· Communicate and document cyber risks to ensure the business segment is complying with applicable laws, regulations, policies, and standards.

· Coordinates with Business and IT Leadership Teams, Corporate and Field security teams to facilitate key risk management processes and define acceptable levels of risk.

· Participate in key initiatives as the subject matter expert to ensure alignment with information security strategies and roadmap.

· Identify and establish process improvements, automation, and innovation opportunities to simplify, standardize and improve risk management.

· Support other assigned IT GRC initiatives.

· Stay up to date on current events to identify emerging security technologies, risks, and trends to ensure that computing environment keeps pace with security technology and risk landscape evolution.

What you need to succeed:

· A bachelor’s degree in IS, MIS, CS, or a similar level of training.

· 2-5 years information security and/or risk management experience.

· Strong Project Management, Organizational Planning, Collaboration, and Interpersonal skills.

· Proven experience and success with managing Technology or Information Security risk functions.

· Demonstrated experience with information security risk, governance, and control frameworks and/or regulatory requirements including NIST CSF, ISO/IEC 27000 series, SOX 404, PCI, HIPAA, Privacy, CIS, CSA.

· Ability to execute in a fast-paced, team-oriented environment.

· Effective written and verbal communication skills.

· Ability to interact and support all levels of the organization.

· Exceptional administrative, organization and time management skills.

· Ability to successfully manage multiple tasks and assignments while meeting competing deadlines.

· Proficient knowledge and experience with cyber risk and information security industry terminology and best practices.

· Excellent computer skills and proficient in MS Office 365 and ServiceNow or an equivalent GRC system.

What we offer:

· Corporate culture based on integrity, respect, accountability, and excellence

· Comprehensive training with numerous learning and development opportunities

· An attractive salary reflecting skills, competencies, and potential

· A career with a global packaging company where Sustainability, Safety and Inclusion are business drivers and foundational elements of the daily work.

WestRock Company is an Equal Opportunity Employer committed to creating and maintaining a diverse workforce: Minorities/Females/ Disabled/Veterans.