The Information Security Office has an opportunity for a Senior Security Analyst. You will be responsible for creating and maintaining information security policies, standards and technical guidelines to support business objectives and regulatory compliance, as well as developing and maintaining methodology and processes for policy benchmarking and maturity modeling. You will need to be an effective collaborator and communicator, both verbally and in writing, capable of translating technical requirements into common terminology. You will collaborate with both IT and corporate personnel.
- Monitor, analyze and report on changes in industry standards, laws and regulations, contractual requirements, the organization’s technology landscape, risk profile and risk appetite.
- Maintain thorough understanding of the company’s security posture, capabilities, and stakeholders.
- Analyze impact to the organization and translate into changes to policies and standards.
- Provide subject matter expertise for policy content, intent of security requirements and applicability to systems and environments.
- Evangelize policy, standards and technical guidance to the rest of the organization. Create and conduct presentations and white papers for medium and large audiences.
- Create, review and modify security awareness content related to security policies, standards and technical guidance.
- Create and maintain assessment and control maturity methodologies and processes used to evaluate compliance with policies and standards.
- Create and maintain policy, standards and technical guidance content in Policy & Compliance software.
- Identify and maintain products and solutions to be assessed for compliance in Policy & Compliance software.
- Perform security and control maturity assessments against policies and standards.
- Participate in customer audits as they pertain to the information security governance area.
- Protect our customers, our employees, and our brands by incorporating security and compliance in all decisions and daily job responsibilities; follow security policies and procedures.
- Must be presently authorized to work in the U.S. without a requirement for work authorization sponsorship by our company for this position now or in the future
- Must be committed to incorporating security into all decisions and daily job responsibilities
- 3+ years of information security, compliance and/or audit experience in an IT environment
- 3+ years of experience in policy development and/or security assessments
- Must have displayed leadership and team-centric skills and have strong solution orientation
- Strong communication and documentation skills
- Capable of leading and facilitating meetings (in-person or virtual)
- Experience working with one or more of the following: PCI DSS, NIST 800-53, ISO 27001/2, NIST CSF industry standards
- Security-related certifications such as: CISSP, CISM
- Practicing knowledge of ServiceNow GRC module
- Solid knowledge of Information Security Forum (ISF) Standard of Good Practice (SoGP)
- Knowledge of European laws and regulations (GDPR)
- Bachelor's degree in Cyber Security, Computer Science, Computer Information Systems, Management Information Systems, or extensive security-related experience OR equivalent combination of education and experience