IT Security Risk and Compliance Analyst
Posted on Apr 5, 2019 by Request Technology - Craig Johnson
A prestigious enterprise company is currently seeking a Sr. Information Security Risk Analyst. The candidate supports the global risk management and compliance activities for all risk and security frameworks through execution of the Global IT Risk Management and Compliance Program. The candidate will use established approaches and processes to identify and assess IT risk, apply appropriate controls, document agreements and execute the required follow-up processes. The candidate will also assist with the definition, creation and execution of security awareness efforts for all business units, and with the activities required to support the design, implementation and ongoing operation of the Risk Metrics and Measures program.
- Engages business teams across the global organization to assess execution of the Compliance and Risk Management program framework to help global business partners identify information risk and manage mitigation to an acceptable level
- Executes global risk management processes to help business partners develop controls needed for the mitigation of risk for business processes not compliant with information security and risk frameworks
- Socializes strategies, standards, policies, procedures, communications and awareness efforts with all business partners
- Provides feedback on compliance with and customer concerns about established IT Security policies based on day-to-day interactions with Company businesses.
- Takes actions as directed to ensure that global business units carry out the actions necessary to comply with applicable frameworks, including, but not limited to, Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI-DSS) and specific ISO, BS or other standards as required.
- Remains aware of data privacy guidance so that any gaps that arise in data privacy compliance can be escalated to management.
- Takes actions as directed to assist in auditing compliance of business units to established security strategies, standards, policies, and procedures
- Works with global business units to understand awareness gaps and to create plans for awareness training, testing and success measures.
- Works closely with the business, Procom and legal teams to review proposed vendor engagement terms and conditions and apply the Company risk profile, providing the appropriate feedback as to any changes needed and documenting exceptions to the process.
- Monitors assigned work in the risk register to ensure that all risks are accurately represented and actively managed.
- Aligns individual goals with Risk and Compliance team goals and objectives.
- Recognizes opportunities to balance risk and creativity in quickly responding to business opportunities.
- 5+ years of experience in a related field preferred.
- Basic understanding of risk concepts including risk identification, evaluation, mitigation and measurement
- Awareness of auditing standards and frameworks (e.g. COBIT, ISO 27001), industry guidelines and laws (e.g. the Sarbanes-Oxley Act and PCI DSS) and privacy concepts (EU Data Privacy Directive, HIPAA) is helpful but not required.
- Must be able to work in a collaborative team environment with individuals at appropriate levels of the Company
- Understanding of continuous improvement concepts and ability to effectively incorporate those skills into day-to-day work
- Effective negotiation skills
- Good verbal and written communication, facilitation, and interpersonal skills