Unfortunately, this job posting is expired.
Don't worry, we can still help! Below, please find related information to help you with your job search.
Don't worry, we can still help! Below, please find related information to help you with your job search.
Related keywords
- Senior Information Security Analyst
- Senior Information Security Engineer – Remote
- Senior Information Governance Specialist
- Information Governance Business Analyst
- Internship Information Security Analyst Remote
- Information Security Analyst Remote
- Information Governance Analyst
- Remote Information Security Analyst
- Information Governance Data Governance Analyst
- Information Security Governance Specialist
Some similar recruitments
Information Security Analyst Jobs
Recruited by Progress Rail Services Corp. 9 months ago
Address , Albertville, 35950, Al
Information Security Risk Analyst Us Remote
Recruited by Motorola Solutions 1 year ago
Address , , Ma
Information Security Governance Senior Analyst - Remote
Company | Harbor Freight Tools USA, Inc. |
Address | , Calabasas |
Employment type | |
Salary | $88,720 - $133,080 a year |
Expires | 2023-09-18 |
Posted at | 9 months ago |
The Information Security Governance Senior Analyst (Sr. Security Analyst) works within Risk Management’s Data Governance team at Harbor Freight Tools (HFT) to implement, monitor, and continuously improve HFT’s security governance, risk, and compliance programs. The Sr. Security Analyst, reporting to the Sr. Manager Data Governance will be responsible for collaborating cross-functionally with IT and the business on security governance activities and supporting the company's obligation to identify technology and security risks, and manage related legal, regulatory and compliance risks.
This position will perform complex risk assessments and apply HFT risk management methodologies to ensure that stakeholders are aware of relevant risk and controls requirements. The position will work with IT and Cyber Security teams to provide technical guidance and evaluation of security controls and will ensure alignment with overall organizational goals. This position will evaluate 3rd party risk and will make recommendations to leadership and operational teams. This is an individual contributor role and will not have direct reports but may direct others based on specific project needs.
Duties and Responsibilities
This position will perform complex risk assessments and apply HFT risk management methodologies to ensure that stakeholders are aware of relevant risk and controls requirements. The position will work with IT and Cyber Security teams to provide technical guidance and evaluation of security controls and will ensure alignment with overall organizational goals. This position will evaluate 3rd party risk and will make recommendations to leadership and operational teams. This is an individual contributor role and will not have direct reports but may direct others based on specific project needs.
Duties and Responsibilities
- Develops and implements compliance testing protocols related to security frameworks, policies, etc. and works with key stakeholders to correct/mitigate as needed.
- Oversee records retention governance monitoring and reporting for compliance specific to e-records.
- Develop a close partnership with control owners, educating them on applicable security compliance requirements, security risk areas, mitigations, process improvements, and risk-appropriate control recommendations.
- Promote a culture of security awareness through annual and ad hoc training programs including Anti-Phishing simulation testing. Be an advocate for security best practices and the security compliance resource for stakeholders from departments throughout the company.
- Evaluate security risks associated with Third-Party/Vendor to ensure that Third-Party technology environment and security controls appropriately protect shared data, that contracts have the appropriate security requirements, and that those requirements are met through regular re-assessments.
- Manage security/risk exception process.
- Lead security risk assessments for CIS20, HIPAA, and IT on an annual basis. Support coordination of internal and external audits that are associated with cybersecurity and technology risks, including facilitating audit evidence collections, responses to observations and reporting.
- Works with subject matter experts (SME) and management to manage information security policies, standards and supporting documentation.
- Stay updated on developing regulatory concerns and changing IT/security trends.
- Assist in continuous controls monitoring utilizing GRC solution, dashboards, analytics, automation, and other supporting tools.
- Ensures that Access Control Lists (ACLs) are regularly reviewed such that only permitted individuals have access to company information.
- Serve as a subject matter resource to assess compliance implications for areas that have gaps.
- Assist in the development and execution of data discovery scanning, analytics, and corrective actions.
- Support issue management efforts, which include remediation tracking, status reporting and validating closure of security gaps, non-compliance issues and/or security risk.
- Travel – <10%
- Decision making - Creates policy and resolves problems, provides data for decision support, negotiate on behalf of management, provides consultation or expert advice, participate in planning business objectives, represents the company in handling complaints, disputes or resolving grievances.
- Staff supervision and development — Individual contributor with authority to direct matrixed resources
- Location— Flex Remote
Requirements
Education (Required)
- Relevant professional designation (CISSP, CISA, CRISC, CRMA, CIPP) preferred
- Bachelor's Degree in Computer Science, Management Information Systems, Information Security, Business Management or a related field or equivalent experience
- Experience with the monitoring and evaluation of technology processes and controls including design and operating effectiveness testing and reporting on results and recommendations.
- Strong problem-solving skills and resourcefulness.
- Experience working independently and in collaboration with cross-functional teams.
- Experience with Third-Party / Vendor Security Risk Management
- Experience with GRC tools (OneTrust, Archer, ServiceNow, etc.)
- Knowledge and experience with compliance and regulatory frameworks, standards, and controls, such as NIST, ISO27001, PCI DSS, SSAE 18 (SOC), COSO, SOX
- Excellent computer skills, including PowerPoint, Microsoft Word, Excel, Visio, and Outlook
- Strong analytical skills, self-motivated, excellent written and verbal communication skills.
- Experience working in a fast-paced environment.
- Experience providing in-depth analysis of complex issues which are then presented to cross-functional teams.
- Hands-on experience with security risk management practices
- 7+ years’ experience in data security, risk management, privacy, and/or compliance disciplines
About Harbor Freight Tools
We’re a family-owned business with over 45 years as a national tool retailer, and with the energy, enthusiasm, and growth potential of a start-up. We are a $6.75+ billion company with over 1,350 stores in 48 states, 25,000+ Associates, and one of the fastest-growing retailers in the country.
-
Systems Analyst - Excel, Xml, Sql, Scripting
By CyberCoders At Salt Lake City, UT, United States 8 months ago
-
(Senior) Finance & Shared Services Manager
By Catholics For Choice At Washington, DC, United States 8 months ago
-
Paralegal - Probate Administration
By CyberCoders At Miami, FL, United States 8 months ago
-
Account Executive - Automotive Software
By ECW Search At United States 8 months ago
-
Construction Project Coordinator Jobs
By CyberCoders At River Falls, WI, United States 8 months ago