Information Security Analyst

Description :

information Security Analyst protects information assets by establishing Information Security Governance. Including; assisting with the maintenance of Information Security Policies and Procedures, performing control and risk assessments, coordaining internal and external audits and regulatory assessments.

Making Information Security Governance available to the right teams at the right time, effectively collaborating across the organization, and making smart decisions.

Principal Duties and amp; Responsibilities

• Collaborate with Enterprise partner (Legal, Privacy, Procurement, etc.) to establish and maintain Information Security Governance Program.
• Maintain Information Security Policies and Procedures.
• Coordinate and assist with initial, annual, and ad hoc control and risk assessments Vendors, Customers and Suppliers.
• Coordinate and assist with initial and annual contract reviews for Vendors, Customers and Suppliers.
• Coordinate Regulatory assessments for PCI, HIPAA, SOX, NIST, CMMS via internal and external audits.
• Identify process improvements
  • Policy Exception process
  • Risk acceptance and Authorization
• Participate in the implementation of Governance, Risk and Control tool
  • Strengthen Policy and Procedure Controls
  • Create and maintain Control Library
  • Assist with the creation and maintenance of the Risk Register
• Participate in Security Awareness program
• Utilize existing workflow tool to ensure accuracy and efficiency.
  • SharePoint
  • ServiceNow
  • OneTrust
  • JIRA
• Coordinate the gathering of metrics to ensure accurate reporting of key Information Security Governance metrics to Grainger leadership and stakeholders

Requirements :

• Bachelor s degree in Information Systems or related degree, or equivalent job experience
• 3 - 5 years of experience Governance Risk and Compliance program.
• 3 - 5 years SDLC policies, standards and procedures
• 3 - 5 years Information Security Control and risk assessments
• 3 - 5 years of combined Information Technology and Information Security work experience with a broad exposure to the following Regulations and Frameworks; PCI, HIPAA, SOX, NIST, CMMS
• Demonstrates an understanding of information security concepts
• Ability to quickly learn, become competent in, and effectively apply new skills
• Ability to prioritize and execute tasks in a complex