Security Analyst, CIS, A&A

What Will You Be A Part Of?

The Security and Privacy Analyst, A&A, has global responsibility for supporting IT and Cybersecurity and Data Privacy Risk Management as part of the Corporate Information Security (CIS) Program.

The A&A team is responsible for evaluating IT Cybersecurity Risk, 3rd Party Risk and Data Privacy controls and ensuring compliance with corporate policies as well as external standards and regulations. The Security and Privacy Analyst will perform control assessments in support of various Company initiatives, perform ongoing data gathering and analysis identifying and reporting overall compliance state, metrics and reporting.

As a member of the Corporate Information Security, A&A team, Security and Privacy Analyst is responsible for completing the various processes within the risk compliance team, including performing (security, 3rd party and data privacy) control assessments in support of various Company initiatives, perform ongoing data gathering and analysis, identifying and reporting overall compliance state, as well as producing associated metrics and reporting. In this role, the analyst will also be responsible for various mid to lead level assignements, closely engaging both internal team and external resources. The primary area of focus, will be completing global assessments, interfacing very closely with other IT/Business resources in the globe.

A resume and tailored cover letter are required to apply for this position.

What Will You Do?

• Support Risk A&A team operational activities by performing and assisting with compliance/control assessments and analysis within Cybersecurity, 3rd Party risk and Data Privacy domains.
• Maintain the control assessment workflow and ensure tickets are actioned according to team procedures.
• Perform 3rd party assessments in accordance with company’s TPRM policy.
• Drive continues process improvement, encouraging thought and technical leadership across the team, collaborate with team to assist in designing and maintaining tools and processes for Governance, Risk & Compliance (GRC) program to help provide visibility across governance requirements/policy and compliance controls into and across all systems, applications, and projects globally to aid in risk and compliance measurement across the organization.
• Support in identifying, collecting and mining data required for various facets of the A&A team (e.g. risk register, CMDB, metrics and reports).
• Support team in instituting and maintaining an effective compliance education/awareness/communication program for the organization, including understanding of CIS compliance assessment practice and ability to advise business on how to maintain compliance state for Cybersecurity, specific to their domain.
• Perform other duties related to Risk Management as assigned.

How Will You Get Here?

• 3+ years’ experience in IT, Cybersecurity, audit and/or data privacy work experience or Bachelor’s Degree in Risk Management, Information Assurance, Information Security, Cybersecurity, or other related IT fields. Relevant certifications such as CRISC, CISSP or CISA are recommended.
• Understanding of various risk management frameworks such as the NIST Risk Management Framework and Center for Internet Security Risk Assessment Methodology. ISO27001/18 experience is highly preferred.
• Ability to explain complex legal and compliance topics to a non-technical audience.
• General understanding of cybersecurity technologies and controls with the ability to bridge the gap between regulatory and technical concepts
• Strong analytical, program development and leadership skills required, including a thorough understanding of how to interpret technical projects, calculate risk management and mitigating actions.
• Excellent verbal and written communication skills and the ability to communicate effectively with a diverse group, executives, managers, and domain experts. Excellent customer service skills are required!
• Demonstrated ability to complete work with minimal direction and self-identify tasks.
• Good interpersonal, organizational, and excellent documentation skills.

Non-Negotiable Hiring Criteria:

• Good attention to detail and high interpersonal competence.
• Excellent verbal and written communication skills. The ability to communicate effectively with a diverse group: executives, managers, and domain experts!
• The ability to take direction and independently work, or lead through projects as required.
• Strong customer service oriented demeanor.
• Demonstrable ability to handle conflict and adversity with confidence and integrity.
• Willingness to become an authority in realm of risk management, information security and data privacy.

Job ID: 193652BR