Security Risk and Controls Analyst
Posted Date: May-31-2017
Job ID: 7927
Job Type: Full Time
Job Function: Legal
What's cool about this job
Collaborates with all levels of Information Technology for the successful implementation, testing, and remediation of the Governance, Risk, and Controls (GRC) program, which will have a far-reaching change impact on the culture and behavior of IT professionals at REI. Responsible for the development and management of remediation and framework compliance using industry best practices. Knowledge and understanding of how to implement and develop best practices for a risk and compliance program to ensure compliance with NIST, ISO, COBIT and other standard security controls.
- Analyze control frameworks, federal requirements and security best practices to recommend mitigation for gaps in security controls for REI systems.
- Knowledge of system processes to coordinate responses and interviews with subject matter experts.
- Knowledge of the security program to be able to respond at a high level on policies, controls, BCP/DR, Incident Response, risk, and overall security practices and processes.
- Assist in the development of an assessment process to include coordination of resources, evidence/artifacts, remediation processes and ensure controls are in place and functioning as designed; improve efficiency and proficiency.
- Provide reports and dashboards on security controls and programs as directed.
- Leads the planning, design, development and execution of control effectiveness testing.
- Participate in assessment and testing coordination, review, documentation, evidence and remediation.
- Establishes strategic partnerships to anticipate, advise, and effectively communicate (written and verbal) Federal and State regulatory and business partner governance and control requirements.
- Challenge the status quo and recommend process efficiencies.
- Drive governance around risk management (i.e. ensure organizational frequencies of risk assessment and reporting).
Bring your passion and expertise
- Bachelor's degree or equivalent experience in Information Technology Controls in lieu of a degree.
- 5+ years work experience in Security/IT Compliance or related discipline.
- 3+ years leading within a matrixed corporate environment.
- 5+ years facilitating control design and operating effectiveness with all levels of the organization.
- Advanced knowledge of SOX and PCI controls and assessments.
- Advanced knowledge of relevant industry data sources.
- Current CISA, CISM or CRISC.
- Understanding of industry and government regulations impacting security practices.
Why you'll love it here
If you have a passion for the outdoors and want to be part of a dynamic and innovative cyber security program, this job is for you.
At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.
With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoption assistance, paid sabbaticals, and more.
REI is an Equal Opportunity Employer