Senior Security Governance, Risk and Compliance Analyst

Responsibilities:

Pay Transparency Statement:

This role may also be eligible to participate in a discretionary incentive program, subject to the rule governing the program.

Position Summary:

This role will collaborate with various members of the security and technology organizations across the globe over the course of day- to-day assignments.

Position Responsibilities may include, but not limited to:

• Build a Risk Aware Culture by maturing the methods and measures to monitor and report risk, compliance, and assurance efforts through automation and process improvement, which may include use and implementation of GRC technologies
• Develop the compliance evaluation for the information security management framework based on the following: CIS (Center for Internet Security) Critical Security Controls, NIST 800-53, and PCI-DSS
• Analyze and improve the unified and flexible security control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations
• Report on the effectiveness of the framework for roles and responsibilities including ownership, classification, accountability, and protection of information assets
• Assess and recommend policies, standards, procedures, controls, and security solutions in partnership with key stakeholders to protect the confidentiality, integrity, and availability of the global information technology environment
• Develop and facilitate a reporting framework to measure the effectiveness and maturity of the information security program
• Participate in meetings with IT and Business Unit executives to report identified risks or control gaps and provide support for remediation of efforts to reduce identified security risks or gaps
• Other projects or duties as assigned

Qualifications:

Required Skills and Experience:

• Bachelor’s degree in business administration or a technology-related field with 4+ years of experience working in audit, information security or general IT areas related to risk management, controls assurance, compliance programs, cybersecurity and information security regulations, industry standards, and internal policies frameworks. Or High School Diploma with 7+ years of the above stated experience in lieu of a bachelor’s degree
• Great people skills and an ability to work well in fast-paced team environment with a wide range of technical and non-technical teams
• Strong understanding of Information Security and Risk Management practices and principles including audit and regulatory requirements, codes, and industry guidance
• Ability to communicate effectively with technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants, and senior management
• Strategic thinker with strong collaboration skills, detailed working knowledge of IT and information security and risk management best practices, and familiarity in implementing enterprise-wide programs
• Exhibits best practice risk management understanding through a comprehensive knowledge of internal risk controls, risk monitoring, risk assessment and risk management processes
• Strong interpersonal, written, and oral communication skills
• Highly self-motivated and directed professional, with keen attention to detail
• Excellent analytical, problem-solving, and decision-making abilities
• Able to effectively prioritize tasks in a high-pressure environment
• Strong customer service and solution-focused orientation
• This job requires the ability to travel 10% on an annual basis
• This position must pass a post-offer background and drug test

Preferred Skills and Experience:

• Master’s Degree
• CISA, CISSP, CCSK, IAPP/E, IAPP/US, or other professional certifications/associations
• Experience or background in Application Security, Operation Technology (OT), or Cloud Security

Physical Demands and Work Environment:

Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.

In addition, the Company is committed to providing reasonable accommodation to applicants and employees in accordance with applicable law. Requests for accommodation should be directed to your point of contact in the Talent Acquisition or Human Resources departments.

Background Check and Drug Screening: Offers of employment are contingent upon successful completion of a background check and drug screening.

Our compensation philosophy embraces diverse factors for fair pay decisions, valuing skills, experience, and the needs of our business. Moreover, this role may have the opportunity to participate in a discretionary incentive program, subject to program rules.