The HP Cyber Security GRC and Information Security teams' Risk Management Sr. Analyst is responsible for end-to-end risk management and governance of internal and third-party risk. The Sr. Analyst ensures that risk assessments are completed and that the associated risk mitigation plans are implemented and monitored, to ensure comprehensive risk management and compliance with regulatory and enterprise requirements. The position reports to the Head of GRC and Information Security and works closely with teams in other cyber security, information security, and IT disciplines, as well as capability owners, support, and operations, to help protect HP's critical assets.
Responsibilities:
- Ensure timely execution of Cyber Security and Information Security risk controls, including analysis, aggregation and reporting of material risks
- Identify issues and root causes, including oversight and facilitation of risk mitigation plans covering security concepts, controls, and awareness & training in alignment with HP Policy & Standards
- Provide guidance on security controls to involved stakeholders and partner with them to effectively manage risk
- Partner with third-party management stakeholders (including at minimum: Supply Chain, Factory Chain, IT, Enterprise Risk Management, Procurement) to effectively coordinate execution of security concepts & controls
- Prepare and present risk management reports, scorecards, and briefings as required
- Review key metrics and overall performance with internal stakeholders and third parties
- Support internal & external audit readiness
- Monitor regulatory changes, corporate updates, and geo-political changes and ensure HP cyber security compliance
- Support the development and implementation of HP Policy, standards, guidelines, tools, and documentation for consistent execution of risk management activities
- As needed, participate in risk assessments in other cyber security and information security areas of focus
Qualifications:
- Bachelor’s Degree in Information Security, Cyber Security, or related
- 4 years of relevant experience across Risk Management, including third parties, or multiple areas within GRC
- Strong governance & compliance background
- Understanding of PCI DSS, ISO 27001/27002, NIST Cybersecurity Framework, COBIT, and ITIL frameworks
- Certification as a CISA, CISM, CISSP, CRISC, or other Information Security/IT Audit discipline preferred
- Excellent interpersonal, written, and oral communication skills
- Ability to work in a team fostered, fast-paced, multi-tasking, global environment
- Excellent prioritization and multitasking capabilities
- Highly motivated self-starter who demonstrates initiative