Sr Analyst - IT Governance

For more than a century Weyerhaeuser has grown and harvested trees to make innovative products that meet important human needs. Were serious about safety focused on performance and proud of what we do. In every corner of our company youll find talented people who care about each other the communities where we operate and the planet we all share. Sustainability is the founding concept of our business and our values drive every decision to ensure we continue to lead the forestry industry in sustainability practices. And we know about sustainability we invented it for the forestry industry when we planted our first seedling by hand in 1938. For over 100 years our Weyerhaeuser team has been making a difference in the world from the seedlings we plant to the forests and trees we nurture we ensure every acre is managed with diligence patience and pride.

We are on a mission to transform the timber industry. We are building value through innovation utilizing new IIoT drone and mobile devices and transforming our presence in the cloud. Our connected forests and mills rely on the culture of sustainability and safety that permeates everything we do including the safety and security of our business systems and data.

Our IT Governance team focuses on the implementation and management of IT controls to reduce risk in systems across the company. We enable safe compliant systems and processes in our business environment that are dynamic global and always on.

Were looking for a Senior IT Governance Analyst who is passionate about the enablement part of securing technology. Its one thing to understand various approaches to securing and operating the technology stack and quite another to implement practical solutions to make it happen and ensure it stays that way. We work across all teams and technologies from traditional financial applications to modern cloud apps innovative mobile solutions for our field ops and point solutions in our manufacturing environment. The common thread is identification and mitigation of risk by implementing and maintaining appropriate controls. But its the people and process that are key to making that happen.

As part of the Project Management Office (PMO) youll work closely with Cybersecurity Enterprise Architecture IT Service Management and Procurement to ensure that new tools and services are architected securely and have appropriate controls in place prior to transitioning to production.

Operationally youll help administer the system of record for risk and controls (AuditBoard) and ensure records and evidence for adherence to controls are maintained. Youll work with the internal audit team and ensure IT teams understand the types of evidence required to prove to others that our systems are secure and operating as designed. You will be exposed to the entire lifecycle of governing IT systems.

Positions on this team require an excellent base knowledge of risk management basic security and identity knowledge and excellent communication and collaboration skills.

Primary Responsibilities

Primary responsibility is to perform complex analysis problem solving implementation and documentation and deliver solutions following standard risk and project management methodologies. Prior experience in the intricacies of IT audit risk and controls design is essential.

Assist IT project teams in embedding standard controls requirements into their projects help them to design innovative solutions and evaluate compliance gaps/residual risk prior to go live.

Provide regular status reports to the team and leadership.

Provide analysis of complex technology risks and their potential impact on business processes. Suggest and help implement ways to mitigate those risks.

Work in concert with stakeholders to reduce risk by defining and implementing technical standards and procedures where needed.

Write and maintain policy and standards documentation as needed.

Drive the standardization and automation of periodic control performance through issuing tracking and reviewing tasks in AuditBoard.

Educate and consult with process and control owners on an effective IT control environment evidence required for audit purposes and remediation activities.

Identify compliance objectives and map program deliverables to the requirements.

Perform regular reviews of internal IT control effectiveness and process compliance.

Help create and maintain dynamic dashboards for visibility of activities in AuditBoard.

Work effectively across teams and with internal and external auditors to facilitate audit performance.

Education

Bachelors degree is required

Experience

Minimum of five 5 to seven 7 years of progressive relevant experience

Qualifications

• This position requires stellar communication skills due to the nature of what we do. You must be able to communicate effectively verbally and in writing to all levels of technical and nontechnical audiences.
• Deep knowledge and prior experience in SOX and ITGC audit
• CISA CRISC GCCC GSEC or related certification preferred
• Prior experience in the intricacies of controls design (not just inspection) and defense in depth.
• Experience in reviewing SOC reports and determining appropriateness of entity compensating controls
• Proven experience in proactively identifying potential risks issues and opportunities offering meaningful recommendations that address the root cause.
• Knowledge of industry standard security and control frameworks such as CIS NIST COBIT and ISO
• Experience defining requirements for moderately complex products/solutions
• Highly effective at influencing at all levels of an organization in a collaborative environment to implement effective compliance measures and policies
• Able to multitask and manage multiple priorities concurrently
• Experience in Project management/delivery frameworks
• Knowledge of Software Delivery Lifecycle Agile DevOps and Change Control principles
• Selfstarter that actively displays a commitment to quality and a passion for operational excellence
• Innate curiosity and ability to dig into details without losing sight of the overall objective

Candidates with experience in the following are preferred:

• Native control sets in AWS & Azure
• SDLC controls and deliverables related to projects of all sizes
• Knowledge of IT/OT/ICS environments
• Understanding of the intricacies of control environments in SAP S4 BTP C4C
• Administration of or core work within AuditBoard or other GRC tools
• ITIL v4/service management training
• Basic AI knowledge
• Basic query writing advanced Excel and Power BI

What We Offer:

Compensation: This role is eligible for our annual meritincrease program and we are targeting a salary range of $97400 $146000 based on your level of skills qualifications and experience. You will also be eligible for our Annual Incentive Program which offers a cash bonus targeting 10 of base pay. Potential plan funding may range from zero to two times that target.

Benefits: When you join our team you and your dependents will be offered coverage under our comprehensive employee benefits plan which includes medical dental vision short and longterm disability and life insurance. We offer a pretax Health Savings Account option which includes a company contribution. Other benefit options are also available such as voluntary LongTerm Care and Employee Assistance Programs. We also support personal volunteerism sponsor a host of diversity networks promote mentoring and provide training and development opportunities to help you chart your path to a fulfilling career.

Retirement: Employees can enroll in our companys 401k plan which includes a paid company match in addition to our annual contribution equal to 5 of your base salary.

Paid Time Off or Vacation: We provide eligible employees who are scheduled to work 25 hours or more per week with 3weeks of paid vacation to use during your first year of employment. In addition after being employed for six months eligible employees begin to accrue vacation for future use. We also recognize eleven paid holidays per year providing a total of 88 holiday hours and paid parental leave for all fulltime employees.

We know you have a choice in your career. We want you to choose us! If you believe in the same core values that we do safety integrity citizenship sustainability and inclusion then we believe Weyerhaeuser will be an incredible place for you to develop and grow your career.

Attention Internal Applicants:To ensure transparency across the organization please have a discussion with your manager prior to applying for any new opportunities. If you need any help facilitating this conversation please reach out to your HR Representative for guidance. For more information on how to apply including best practices for updating your profile or partnering with HR and Recruiting please visit our internal applicant page on Roots: is an equal opportunity employer. Inclusion is one of our five core values and we strive to maintain a culture where all our people feel a sense of belonging opportunity and shared purpose. We are committed to recruiting a diverse workforce and supporting an equitable and inclusive environment that inspires people of all backgrounds to join stay and thrive with our team.