Develop and maintain corporate security policies, standards, guidelines and baselines Follow up and ensure timely approval of any submitted policy exceptions, as well as develop reporting for management visibility. Identify gaps in the design and operating effectiveness of controls, and identify opportunities for continuous improvement. Perform and evaluate information security risk assessments, for various information systems and processes, including annual penetration tests. Develop, monitor, ... more details
Job Location: Hershey, PA
Please note, this role can be remote
The Analyst, IT Risk and Compliance position contributes to the Governance, Risk and Compliance (GRC) function and is responsible for for assisting with the information security governance and oversight, and risk management program. This role has a critical part in ensuring that these programs align with the vision, mission, and objectives of the Information Security department. This position will report to the Senior Manager, IT Risk and Compliance and will collaborate with the Governance, Risk, and Compliance team members on the day-to-day management of the Information Security program.
Major Duties/Responsibilities:
Develop and maintain corporate security policies, standards, guidelines and baselines
Follow up and ensure timely approval of any submitted policy exceptions, as well as develop reporting for management visibility.
Identify gaps in the design and operating effectiveness of controls, and identify opportunities for continuous improvement.
Perform and evaluate information security risk assessments, for various information systems and processes, including annual penetration tests.
Develop, monitor, track and report against IT Security metrics and KPIs that help the Leadership understand threats, vulnerabilities and risks associated with protecting information across the enterprise and plans to mitigate those risks.
Contribute to the creation of IT and Information Security policies and standards
Ensure compliance with PCI, SOX and other global regulations.
Develop procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
Support overall IT SOX 404 program requirements in compliance with information security policies, standards, and client security requirements.
Track and ensure adequate and timely resolutions to all audit/review issues relating to security.
Work directly with business units to identify critical data and ensure appropriate data classification and protection standards are implemented.
Follow up and ensure timely remediation of IS issues identified and perform appropriate risk analysis and ranking.
Become a cross functional partner and “go to” for Information Security policies, standards, and best practices.
Minimum Education and Experience Requirements
Education: BS in Computer Science, Information Security or related field OR equivalent work experience (4+ years)
Job Abstracts is an independent Job Search Engine. Job Abstracts is not an agent or representative and is not endorsed, sponsored or affiliated with any employer. Job Abstracts uses proprietary technology to keep the availability and accuracy of its job listings and their details. All trademarks, service marks, logos, domain names, and job descriptions are the property of their respective holder. Job Abstracts does not have its members apply for a job on the jobabstracts.com website. Additionally, Job Abstracts may provide a list of third-party job listings that may not be affiliated with any employer. Please make sure you understand and agree to the website's Terms & Conditions and Privacy Policies you are applying on as they may differ from ours and are not in our control.
We would like to take a second to Welcome You to Job Abstracts, the nation’s largest Pure Job Board. With over 3.1 million job listings from 15,000+ Companies & Organizations, we help job searchers find careers that match their interests. As an anonymous user, you have probably discovered how easy our system is to use. However, you have just scratched the surface of what we can offer.
We encourage you to Register so you can use our most powerful features: searching with multiple terms, setting up multiple locations, establishing favorite companies, and accessing your search history. If you find a job you like, you can apply directly for it, and then, keep notes on it. We will also keep a lookout for jobs that match your search terms and email you when we find something you may like.
You can register for free and the system is free to use. If you like our system so far, click on Register and unlock the power required by serious job searchers.
Any time you conduct a search, the system shows you job matches, ranked by their Relevance Score (RS).
The score is calculated by a proprietary algorithm that uses Intelligent Machine Learning.
The Relevance Score tells you how well the job opportunity matches your search term or terms.
When not logged in, the system is limited to one search term. Scores for single term matches are usually lower.
When you register, log in, and set up multiple terms prioritized by importance, the jobs found for you will receive a much higher Relevance Score.