SANS ISC: InfoSec Jobs

Senior Analyst- Governance, Risk, and Compliance
Company The Hershey Company
Location US Remote / Hershey, PA
Preferred GIAC Certifications GSEC, GCCC, GSTRT, GDSA
Travel 5%
Salary Not provided
URL https://careers.thehersheycompany.com/us/en/job/108819/Senior-Analyst-Governance-Risk-and-Compliance
Contact Name Jeremiah
Contact Email jhainly/at/hersheys.com
Expires 2020-12-09

Job Description

Location:

Hershey, PA preferred but willing to do remote for the right US-based candidate.


Major Duties/Responsibilities:

Develop and maintain corporate security policies, standards, guidelines and baselines
Identify gaps in the design and operating effectiveness of controls, and identify opportunities for continuous improvement
Perform and evaluate information security risk assessments, for various information systems and processes, including annual penetration tests.
Develop, monitor, track and report against IT Security metrics and KPIs that help the Leadership understand threats, vulnerabilities and risks associated with protecting information across the enterprise and plans to mitigate those risks.
Lead the development and operation of the 3rd party vendor risk assessment program
Contribute to the creation of IT and Information Security policies and standards
Ensure compliance with PCI, SOX and other global regulations
Develop procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
Support overall IT SOX 404 program requirements in compliance with information security policies, standards and client security requirements.
Track and ensure adequate and timely resolution of all audit/review issues relating to security
Work directly with business units to identify critical data and ensure appropriate data classification and protection standards are implemented
Develop and maintain standards and controls to ensure the protection of data based on classification
Manage the attestation program for all IT controls to support assurance and alignment across all information security stakeholders
Manage and operate the 3rd party vendor risk assessment program
Develop and maintain the IT Risk Council and support the ongoing tracking and management of all identified risks and issues


Education:

BS in Computer Science, Information Security or related field OR equivalent work experience (4 years of experience)
Relevant Information Security certification (CISM, CISSP, CRISC) is preferred


Experience:

3+ years' experience. Willing to take the right candidate with less experience.