Sr. Security Compliance Governance Analyst – 3668
The Information Security Compliance and Governance Senior Analyst works with management and team members in developing strategy and building out our Information Security compliance model and programs, and monitoring and reporting on the company’s information security compliance posture to aid in the protection of the Company’s customer and enterprise data. Responsibilities include representing information security in collaboration with Internal Audit, compliance teams, Financial Controls Reporting, Sourcing, and other departments in building and communicating our security compliance model and programs. The senior analyst collaborates with other members of the Security Compliance & Governance Unit and the IT Security Department, and has strong depth of knowledge in most primary accountabilities. The person ensures adequate and effective security controls are documented and followed in support of compliance and data security requirements, and partners with internal teams to manage control oversight, testing, gap analysis, and remediation tracking. Work includes risk assessments, supplier assessments, security contract negotiations, security awareness communications, facilitation of internal and external audits, and preparation of audit reports for review by Security Management.
• Demonstrated experience providing customer-driven solutions, support or service
• Solid knowledge and understanding of concepts and philosophies regarding the design and deployment of information technologies and associated architectural concepts, principles and tools.
• Demonstrated experience in the development of organizational policies and practices.
• Solid knowledge and understanding of end-user computing tools, hardware, application software, network, communications and mobile technologies.
• Solid knowledge and understanding of information security policies, standards and processes.
• Solid knowledge and understanding of how information security affects an organization and has the ability to link it to business processes.
• Solid knowledge and understanding of audit standards, practices and control frameworks.
• Solid knowledge and understanding of risk assessment and control methods.
• Solid knowledge and understanding of electronic record retention policies and standards
• Strong communication skills, verbal and written, including ability to communicate to broad spectrum of people of diverse IT and IT Security backgrounds.
• Strong presentation skills.
• Strong creative and conceptual mindset to build out security awareness campaigns and presentations.