Senior Risk and Compliance Analyst

Job Details

  • ID: #40211762
  • Address: 60290, Chicago, Illinois, USA
  • Job type: Permanent
  • Salary: USD $100,000 - $140,000
  • Hiring Company: Request Technology, LLC
  • Showed: 04th May 2022
  • Date: 03rd May 2022
  • Deadline: 02nd July 2022
  • Category: Et cetera

Vacancy expired!

Senior Risk and Compliance Analyst
Salary: $100k-$140k + bonus
Location: Chicago, IL (Work from home role. Will travel to office 4-6 times per year)
We are unable to provide sponsorship for this permanent full-time role
Bonus Eligible

A prestigious Fortune 500 company is seeking a Senior Risk and Compliance Analyst that drives compliance of global business units with Company's Global Risk Management and Compliance activities in alignment with Company's IT Risk Management and Compliance Program.

Qualifications
  • Experience working with ISO 27001 or similar security framework, PCI DSS and CSA CCM standards in an operational IT environment is required
  • Working experience with IT Security risk frameworks such as ISO 27005, OCTAVE, FAIR, NIST RMF
  • Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment)
  • CISSP certification

Preferred qualifications
  • Experience applying other security frameworks such as CSF or COBIT, laws and standards like Sarbanes-Oxley, GDPR, HIPAA
  • Working knowledge of compliance tools such as the Unified Compliance Framework (UCF) Common Controls Hub (CCH)
  • Certifications such as CISA, CISM, CRISC, CIPP

Responsibilities
  • Works with business teams across the global organization to execute the Information Security, Governance, Risk & Compliance strategy, extending processes as necessary to help business partners identify information security risks and manage risks to an acceptable level
  • Collaboratively works to influence and socialize Information Security controls, standards, policies, procedures, and communications
  • Advises process owners globally on Information Security controls needed for the mitigation of risks in accordance with the Information Security Process, Risk & Controls framework, and in compliance with regulatory requirements and industry standards
  • Tracks compliance with regulatory and industry standards, including NIST Cybersecurity Framework (CSF), Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) ITGCs
  • Creates comprehensive and various levels of Information Security metrics and reporting for leadership
  • Provides guidance with respect to needed changes to established Information Security policies based on day-to-day interactions
  • Proactively provides relevant inputs to the global risk framework based on the latest government and industry information regarding new threats and vulnerabilities and communicates relevant information to appropriate teams, soliciting action plans if needed
  • Coordinates deployment and measurement of Information Security awareness and training efforts across global business units and subsidiaries
  • Ensures that adequate information security contractual protections are included in third party vendor contracts by working with the Indirect Procurement, Data Privacy and the Legal teams
  • Monitors and manages the Information Security risk register to ensure that all Information Security risks are accurately represented and actively managed
  • Recognizes opportunities to balance risk and creativity in quickly responding to business opportunities
  • Aligns individual goals to Information Security and Technology team goals with S.M.A.R.T. objectives
