Cyber Security Analyst - Governance Risk & Compliance
Kraków, Poland ● Memphis, Tennessee, United States ● Sao Paulo, São Paulo, Brazil Requisition number: 571
Thursday, June 30, 2022
The Governance Risk & Compliance (GRC) Analyst is part of the Global Information Security organization. The ideal candidate analyzes corporate security concerns in terms of business objectives, audit recommendations and industry regulations to drive Sylvamo’s Governance program. The role will include primary responsibility for developing, managing, and communicating IT/Cyber policies and supporting documents in support of industry and regulatory needs as well as general IT/Cyber practices. The candidate must be an exceptional communicator and demonstrate the ability to build relationships within a diverse team environment. You will work with essential players, performing and improving the current control environment, promoting security awareness and monitoring metrics to measure control effectiveness and other projects based on specialized plans. You will help maintain standards and documentation. You will report to the GRC Manager.
- Create and participate in the execution of self-assessments and other business assurance activities to provide a more accurate picture of criteria and gap areas against standards and expectations.
- Assist with internal and external security reviews, audits, and controls evaluations.
- Demonstrate flexibility to meet the needs of external and internal customers regarding changes in work volume, scheduling changes, planned changes, and unplanned changes.
- Strong knowledge of Cloud Technologies (Azure) and Server Operating Systems (Windows & Linux).
- Provide input to the company risk management process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and training materials).
- Assist with developing technical requirements and documentation.
- Work as part of a team to discuss and collaborate on ideas and solutions.
- Can-do attitude and adaptable to a rapidly changing environment.
- Excellent time management skills, handling multiple priorities with individual deadlines.
- Solve difficult challenges while providing a high level of platform uptime and availability.
- Serve as SME to troubleshoot and support issues.
- Lead meetings with business partners to ensure remediation efforts adhere to corporate standards and policies.
- Provide expert-level analysis/validation of remediation actions taken, opportunities for improvements and out-of-the-box thinking for optimizations and solving roadblocks.
- Create reports and dashboards to support cyber security metrics
- Partner with business leaders on application integrations as they pertain to Governance Risk & Compliance.
- Direct the establishment and continuous improvement of Governance Risk & Compliance processes to ensure day-to-day operational stability and security.
- Development and execution of applicable Governance Risk & Compliance policies and standards
- Maintain applicable Enterprise Service Levels (SLAs) and metrics for the Governance Risk & Compliance tower.
KNOWLEDGE AND EXPERIENCE:
- Bachelor’s Degree in Information Technology, Information Security/Assurance, Computer Science, Engineering, or related field of study, or any combination of relevant equivalent experience, education and training
- 3+ years of overall IT work experience
- 3+ years in an Information Security Role.
- Experience with Security Awareness, policy creation and phishing concepts.
- Proven leadership skills with the ability to manage conflict, deal with ambiguity, negotiate and make timely decisions
- An advanced understanding and practical application experience in Governance Risk & Compliance and security related technologies and services is a must
- Understanding of a variety of technical concepts such as: Networking, systems administration, application development, cloud computing and information security best practices
- Experience with data analytics with the ability to provide qualitative analysis and recommendations
- Ability to assess and communicate risk within a business context
- Strong attention to detail, data accuracy, and data analysis
- Self-motivated and operates with a high sense of urgency and a high level of integrity
- The ability to learn and apply new concepts quickly
- Comfortable with interfacing with other internal or external organizations regarding security policy and standards violations, security controls failure and incident response situations
- Excellent verbal and written communication skills with demonstrated ability to write clear, concise business communication for multiple levels (management, technical, and user).
- Security Certification preferred: CISSP, CISM, GIAC or CISA or similar
- Open to Remote Work. Minimal Travel (<10%); Minimal lifting / physical requirements
- Job family: Information Technology
- Job function: Information Security
- Pay type: Salary
This posting is inactive.