Risk Analyst

NEW YORK, NY

Post Date: 02/22/2017 Job ID: rbs-1596 Job Category: Security/Risk Management

Ensure the Company's awareness of, implementation of and compliance with internal policies and external regulatory requirements. Lead the response to internal and external audits.


Key Responsibilities – include:

Program Management

  • Manage and sustain initiatives regarding information security compliance on global Client Contracts in coordination with the Global Director of Security.

  • Participate in client contract discussions; align capabilities of Company and affiliates to these contractual obligations.

  • Engage the appropriate resources to assist with applying the required policies, procedures and technology safeguards, as applicable and as approved by IT Leadership, to ensure compliance.

  • Interact and partner closely with account management, Business Partners, clients, legal and WPP as directed.

  • Participate in information security and compliance planning processes to establish an inclusive and comprehensive information security program for the entire organization.

  • Be cognizant of information security issues and regulatory changes. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.

Risk Management and Incident Response

  • Keep abreast of security incidents and act as a control point during significant information security incidents.

  • Coordinate with CoreTech and Legal, as needed, to address and investigate security incidents.

  • Provide oversight, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.

  • Provide feedback and be the escalation contact within the assigned region for all security, risk and compliance issues to the Global Director of Security in addition to relevant CoreTech and IBM management.

  • Examine the impact of new technologies on the Company's overall information security. Establish processes for reviewing the implementation of new technologies to ensure security compliance.

Policy, Compliance and Audit

  • Participate in the development and implementation of effective and reasonable policies and practices aligned with WPP’s General Computing Control (“GCC”) program to secure sensitive data, and ensure compliance with relevant regulations, client contracts and legal interpretation.

  • Oversee and monitor the implementation of the Corporate IT General Computing Controls Compliance Program within the assigned region.

  • Communicate the control requirements of the Corporate Compliance Program to the local country management and IT teams.

  • Ensure WPP / Company information security policies are fully communicated and implemented across Company.

  • Educate local country management and IT teams in performing the needed compliance tasks.

  • Review and verify compliance task submissions in the GCC Tracker weekly, and on an ongoing basis in the Modulo GRC tool.

  • Administer and analyze the Vendor Risk Management program within the assigned region using the Modulo GRC Tool.

  • Conduct annual Control Self Assessments and periodic remote internal audits whenever required and identify where corrective actions are needed. Provide guidance around remediation activities.

  • Lead efforts to internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for Company.

  • Coordinate, track and notify management of information technology and security related assessment, survey and/or audit requests, including the scope of these requests, the units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep the audit focus in scope and in accordance with Company policy. Provide guidance, evaluation and advocacy on these responses, aligned with Company policy, contractual obligations and applicable laws and regulations.

  • Report to the Global Director of Information Security and Compliance on a regular basis to review progress on program implementation and assist with establishing improvement plans.

  • Coordinate and execute all of the Company's SOX compliance activities within the assigned region.

  • Help to develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, aligned with multiple frameworks such as ISO 27000, NIST 800-53, NIST 800-171, PCI, HIPAA, GLBA, FISMA, Privacy Shield, Data Protection and Privacy, etc.

Outreach, Education and Training

  • Work closely with IT leaders, technical experts, and senior management on a wide variety of security issues that require an in-depth understanding of the IT environment/services in their units.

  • Assist in the creation of education and awareness programs, and advise operating units at all levels on security issues, best practices, and vulnerabilities.

  • Work with both technology and business groups to build awareness and a sense of common purpose around security.

  • Pursue security awareness initiatives that address specific needs around identity theft protection, mobile and social media security, and online reputation management.

  • Ensure the assigned region remains in compliance with Security Awareness and WPP Safer Data Training requirements.

Requirements

  • 3-5 years of practical experience in technology risk and control or IT audit (Big Four audit firm experience is a plus). Experience in a global, multicultural corporate environment.

  • Bachelor’s degree or equivalent in IT or business

  • Ideally holding one of CISSP, CISA, CISM, CRISC, CGEIT, ITIL or an equivalent certification (or working towards one).

  • Strong communication and influencing skills, plus a good understanding of the Company's business processes, organization and markets.

  • Demonstrable experience in program / project management.

  • Experienced in all aspects of project governance, e.g. security and integrity management.

  • Good analytical skills and use of methodologies.

  • Good financial and business competencies.

  • Ability to influence and resolve conflict with senior stakeholders.

  • ISO 27001 audit and certification program experience is desirable.

  • Broad knowledge of key IT risks and controls.

  • Sound analytical skills

  • Proficient (to an intermediate level) in MS Excel, Word and PowerPoint.

  • Proficient in English as a business language.

  • Ability to problem-solve, think creatively, challenge the status quo and manage ambiguity.

  • Proven ability to work both independently and as part of a team, with professionals / stakeholders at all levels.


Behaviours

  • Strong analytical skills and a deep insight into the use of compliance methodologies.

  • Good attention to detail, accuracy and job completion.

  • Proven experience in governance and compliance practice and processes.

  • Ability to influence.

  • Good communication skills.
