Infogroup is looking for top talent to join our dynamic and innovative team. We are currently seeking a Security Analyst II to join our Papillion, NE office.The Security Analyst II position will perform control assessments on third party control environments, including infrastructure/application stacks and other technologies. In addition will provide thought leadership on all aspects of third party assessments, including construction of control language, documentation standards, quality and future product enhancements.
Essential Job Functions:
1. Conduct assessments of third parties and present to executive level Infogroup personnel and those of third party providers.
2. Implement the IT governance, risk and compliance management program underthe direction of the Director of Information Security. Manage compliance efforts with applicable regulatory and legal requirements.
3. Conduct internal/external risk assessments and risk analysis reporting tointernal and external stakeholders.
4. Collaborate with business teams across the global organization to develop and execute the Information Security Risk Compliance and Risk Management programframework, extending processes as necessary to help company identify information risk and manage mitigation to an acceptable level.
5. Input data on clients and vendors into the GRC system and work with legal, information technology, information security and the overall company to leverage the GRC system to enhance business processes to reduce risks.
6. Identify and work with respective owners for the mitigation of risk for IT processes which are not compliant with information security and risk frameworks or legal/regulatory requirements.
7. Review and evaluate completed questionnaire(s) and supporting materials provided by suppliers to ensure completeness and alignment with Infogroup control requirements.
8. Provide input into all aspects of the risk assessment process and lead assessments of suppliers, providing the overall technical, risk and security expertise, conduct onsite reviews if applicable.
9. Identify opportunities for process improvements to deliver increasing operational efficiency in processes related to assessment
10. Monitor and manage issues and risk register to ensure risks are accurately represented and actively managed.
11. Prepare management reports and assists with project management responsibilities within the Information Security organization.
12. Work closely with global business, contract and legal teams to assess proposed terms and conditions, align with appropriate risk profile and provide feedback on changes needed.
13. Identify trends and early indicators regarding issues and report to management.
14. Prepare and manages project plans, including work breakdown, obtaining resources, collaboratively resolving escalated issues, and monitoring schedules to achieve timely deliverables, on-budget.
Additional Posting Locations
Burlington, MA, Dallas, TX
Knowledge, Skill, and Abilities:
1. Solid understanding of Governance, Risk and Compliance programs and methodologies of identifying, managing and mitigating risks.
2. Skills to engage third party providers to fosters collaboration, information sharing and trust.
3. Capable of operating an independent QC function
4. Proficient verbal and written communication skills, including the ability toindependently and effectively participate in strategic collaborations with peers and present to senior management.
5. Sound knowledge of Risk and Controls practices
6. Technical or business knowledge of Third Party Risk management practices, products and services is an advantage
7. Proven ability identifying issues/defects and recommend solutions.
8. Excellent written and verbal communication skills.
9. Proven analytical skills.
Education, Experience, and Certification:
1. Bachelor's degree or equivalent experience
2. 3-5 years of relevant professional experience in Technology Risk Management, Internal and/or External Audit
3. Professional certification(s) (CIA, CISA, CISSP, CTPRP or equivalent experience) is (are) a plus
4. Experience performing technical risk and control assessments to validate evidence of security control requirements.