We recognize the value that formal cybersecurity risk management processes provide to the company as key enablers of a mature global information security program, and our Global Cyber and Information Security Risk Management team furthers that value by developing the models, policies, and standards used to design, implement, and maintain information technology solutions that meet business needs while incorporating the key principles of information security. The Analyst, Cyber and Information Security Risk Management supports these processes by ensuring that cybersecurity risks associated with complex business operations are within acceptable tolerances.  S/he will perform cybersecurity risk assessments, provide direction and guidance to stakeholders concerning the handling of security risks associated with assessment findings, and assist with the design of appropriate risk mitigation strategies.
 
The role of the Analyst, Cyber and Information Security Risk Management demands business insight, decisiveness, tact, courage, relationship management skills, technical acuity, sound professional judgment, and the ability to effectively communicate with audiences at all levels, both inside and outside of the organization. 
 
How You Will Make a Difference:  
 
1.       Collaborate with information technology and other business unit personnel to identify cybersecurity risks associated with current and planned projects.
2.       Perform assessments of external party information security controls to ensure they meet or exceed our information security risk management requirements for the services to be provided.
3.       Determine information security risk profiles for various vendor and business partner services using questionnaires, relevant industry best practices and standards, and knowledge of our policies.
4.       Recommend solutions to eliminate, reduce, or mitigate cybersecurity risk, and communicate said solutions to external parties and/or internal business stakeholders as appropriate.
5.       Provide direction and guidance as needed to internal project stakeholders concerning statutory, regulatory, and our policy and program requirements.
6.       Record pertinent documentation and communications for all assessments in our online information technology risk management platform.
7.       Report status of engagements to Global Cyber and Information Security management, project managers, and other business stakeholders as appropriate. 
8.       Assist in enforcing information security policies, standards and procedures.  Review requests for exceptions to security policies and provide recommendations to management.
               

POSITION DESCRIPTION

9.       Research and advocate new technologies, architectures, and products that will support security requirements for the enterprise and its customers, business partners, and vendors.
10.    Perform other cybersecurity risk management tasks as assigned.
Years of Related Professional Experience: 3+ years 
 
Educational/ Position Requirements:  
•       3+ years of cybersecurity risk management, IT security control design, and/or IT security control design audit experience.
•       Bachelor’s degree in information systems, computer science, or related field preferred.
•       Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) credentials preferred.  Global Information Assurance Certification Security Essentials (GSEC), CompTIA Security+, or similar credentials considered.
•       Basic knowledge of industry frameworks, regulations, legislation, and audit methodologies, including SOC 1, SOC 2, ISO 27000, SIG, CAIQ, NIST Cybersecurity Framework, Sarbanes-Oxley (SOX), PCI-DSS, GDPR, and various federal and state privacy laws.
•       Ability to broker complex discussions to achieve the proper balance between business needs and cybersecurity best practices.
•       Ability to influence others through persuasion to arrive at desired outcomes.
•       Ability to communicate effectively with a broad range of people and roles, including vendors, information technology professionals, and other business personnel.
•       Ability and desire to seize the initiative, work proactively, and perform assigned duties in a highly independent manner.