The HP Cyber Security GRC & Information Security Analyst is responsible for executing and participating in Cybersecurity GRC activities, including policy and standards management and exception-to-policy activities that may include risk classification, risk gap analysis, and partnering with senior colleagues to develop remediation plans to remove exceptions. Other activities may include participating in the PCI PMO, Audit Liaison and Compliance Liaison work, as well as regulatory and internal compliance activities and reporting. Additional activities and tasks may include participating in the following items: ISO, eGRC Tool, Cardholder Data Environment, Records Management, Privacy, Business Continuity. This Analyst role supports the HP Cybersecurity Governance and compliance function to ensure that all regulatory, contractual and enterprise policies and requirements are adhered to for HP. The position reports to the HP Cybersecurity GRC & Information Security Manager, and works closely with teams in other cyber security, information security, and IT disciplines, capability owners, support, and operations to help provide protection to HP's critical assets.
Responsibilities:
- Ensure timely execution of HP Cybersecurity GRC and Information Security processes, including analysis, aggregation and reporting related to GRC and Information Security management activities.
- Identify issues and root causes, and facilitate mitigation and remediation plans, including security concepts, controls, and awareness & training, in alignment with HP Policy & Standards.
- Provide supporting analyst consultation on controls to involved stakeholders and partner with them to effectively manage risk.
- Partner with peer analyst stakeholders (including at minimum: Privacy, Legal, Supply Chain, Factory Chain, IT, Enterprise Risk Management, Global Procurement) to effectively coordinate execution of security concepts & controls.
- Prepare and present reports, scorecards, and briefings.
- Review key metrics and overall performance with internal stakeholders and appropriate-level third parties.
- Support internal & external audit readiness related to cyber security risk management.
- Support the implementation of HP Policy, standards, guidelines, tools, and documentation for consistent execution of third party management activities.
- As needed, participate in risk assessments in other cyber security and information security areas of focus.
Education and Experience Required:
- Bachelor's degree in Information Security, Cyber Security, or a related field.
- 2-3 years of relevant experience in Governance Risk Management & Compliance, Cybersecurity, Information Security, or IT domains that provide relatable experience.

Knowledge and Skills Required:
- Understanding of PCI DSS, ISO 27001/27002, and the NIST Cybersecurity Framework.
- Security certifications such as CCSP, CISM, CISSP, CRISC, CISA, or others in Information Security or IT disciplines.
- Excellent interpersonal, written, and oral communication skills.