Senior Security Governance Analyst

Senior Security Governance Analyst – Erlanger, KY [Any ADM location is acceptable]
This is an exempt level position.

Position Summary:
This role will work with the Director Global Security Governance & Awareness within Global Information & Cybersecurity. As part of the security governance & awareness team, this role will help drive and improve the Global Information Security program and the security risk posture of the company. Additionally, this position, together with the Director Security Governance & Awareness, will continually review, refine, and recommend improvements to the Information Security operating model, enterprise policies, standards, and processes in order to provide reporting and recommendations to the CISO, GTO, and senior leadership to reduce the risk to the enterprise.

Job Responsibilities:

  • Lead control assessment activities addressing technical and functional security and regulatory requirements. Engage appropriate business units and personnel to plan and execute the Technical Control Governance program. Document gaps and system vulnerabilities; drive risk identification and intake
  • Analyze and be responsible for the implementation, review and update of Global Information & Cyber Security and Global Technology policies, standards, and controls. Collaborate with leadership to develop and implement policies and standards, considering impact to the enterprise. Collaborate with subject matter experts to address new requirements and emerging business needs in a secure manner
  • Oversee, document and track the Policy/Standard Exception Process ensuring that each policy exception is submitted within the guidelines and assessed according to the defined process. Facilitate the mitigation monitoring and reporting of all exceptions. Monitor mitigation and progress with the clients until variances are closed. Facilitate the transfer and smooth handoff of policy exceptions without mitigation to GT Risk Assurance
  • Facilitate the development and implementation of security awareness program training, materials, and events. Develop and deliver content to educate the business about the Technical Control Framework and other organizational program areas
  • Facilitate and lead quarterly phishing campaigns which test every colleague with an email address, including working with all stakeholders prior and providing reporting during and after the campaign is completed, then update all trending metrics
  • Perform security and privacy assessments for applications, technology, and vendors as part of the privacy program for all privacy related technology and work with the Chief Privacy Officer on these requests
  • Compile, review, and analyze security information along with policy compliance as needed to formulate recommendations, metrics, and reports for management review and decision making
  • Support efforts for third-party IT vulnerability assessments and remediation
  • Support the partnership with GT Risk Assurance to ensure collaboration, smooth handoffs and constant communication
  • Lead efforts to implement ADM Control Framework, including identifying security control gaps (ADM Control Framework consists of NIST-CSF and ISO 27001 / ISO 27002), and produce automated metrics to demonstrate security posture
  • Mentor and develop staff in technical and functional subject areas
  • Lead functional teams in proactively collecting appropriate and relevant metrics based on control implementation and policy compliance, to be reported so that business leaders can make appropriate risk-based decisions
  • Monitor and report compliance for all Global Technology security policies and standards across the organization, utilizing or creating automated reporting and metrics. Drive compliance improvements to processes and improve security posture using IT standard methodologies and leading practices
  • Perform functions in a timely manner and with utmost level of attention to detail, vitality and thoroughness
  • Actively stay aware of processes and methods for addressing and/or acknowledging non-compliance to information security standards and communicate the findings clearly to business areas
  • Develop and communicate guidelines for enterprise security practices
  • Provide leadership in redefining ADM Global Information & Cyber Security Program
  • Build sound business relationships across the enterprise, Chief Information Security Officer, Chief Privacy Officer, Global Technology Officer, and other Vice Presidents / Managing Directors, to enable a confirmed understanding and close alignment with business needs, direction, and risk appetite
  • Collaborate with key business units and capability stakeholders, including, but not limited to, Privacy, IT, Internal Audit, InfoSec, Corporate Security, and HR to develop and improve Information Governance across the enterprise

Required Skills:

  • Minimum of 8 years of experience in security and IT/OT related fields
  • 5 years of experience with regulatory requirements and frameworks such as ISO 27001, ISO 27002, PCI, CIS, SOX, HIPAA, ISO, NIST, COBIT, GDPR, or NIST Cyber Security Framework (CSF)
  • Practical experience implementing NIST, ISO, or other industry standards
  • SANS 401 (can be obtained after employment)
  • Three years of experience in a GRC subject area. One year of work in a Governance, Risk, Compliance (GRC) function in a highly regulated environment, may substitute for up to 18 months experience
  • Three years’ experience with performing privacy, security and risk assessments on applications, services or technology using an industry framework such as NIST CSF or ISO 27001/27002
  • Ability and the experience to produce and automate metrics for policy compliance using tools such as Power BI
  • Experience implementing and/or facilitating a Security Awareness Program, including phishing campaigns
  • Demonstrated success implementing (and documenting) security policies, standards, and/or controls
  • Ability to translate strategy into measurable plans that impact organizational change
  • Familiarity with complex multi-national companies and distributed business models
  • Ability to work across the organization, establishing relationships and influencing peers and management through establishing trust and credibility
  • Experience in one or more of the following areas preferred: network administration, systems administration, SDLC/secure soft, encryption, asset management, identity and access management, IT Operations, Security Risk Management
  • Strong verbal and written communication skills; ability to drive discussions and influence decision making; strong presentation and reporting skills. Proficient in technical writing and using various creative mechanisms to communicate to diverse audiences
  • Ability to connect with and document for technical and non-technical audiences

Desired Skills:

  • Certification such as CISM, CISSP, CISA, CRISC, CDPSE
  • Experience using a GRC tool (e.g. OneTrust, Lockpath, Archer, etc.)
  • Solid grasp of vulnerability management
  • Understanding of security technologies such as firewalls, IDS, IPS, encryption, IDAM, SIEM, etc.
  • Understanding and knowledge of Sarbanes-Oxley, GDPR (General Data Protection Regulation) and IT General Controls. Knowledge of third-party auditing, such as cloud, and risk assessment methodologies

Education Requirements:
BA/BS degree or higher or equivalent experience

About ADM:

At ADM, we unlock the power of nature to provide access to nutrition worldwide. With industry-advancing innovations, a complete portfolio of ingredients and solutions to meet any taste, and a commitment to sustainability, we give customers an edge in solving the nutritional challenges of today and tomorrow. We’re a global leader in human and animal nutrition and the world’s premier agricultural origination and processing company. Our breadth, depth, insights, facilities and logistical expertise give us unparalleled capabilities to meet needs for food, beverages, health and wellness, and more. From the seed of the idea to the outcome of the solution, we enrich the quality of life the world over. Learn more at www.adm.com.

EEO

ADM is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability and veterans status.

Ref ID

#LI-NA3
