This job listing has expired and the position may no longer be open for hire.

Security Risk and Compliance Analyst at NSF International in Ann Arbor, Michigan

Posted in General Business 30+ days ago.

Type: Full-Time





Job Description:

At NSF International, our mission is to protect and improve human health. We're a global leader in standards development, testing, auditing, certification and training. We provide these services for a diverse set of industries including food, water, heal

Our nearly 3,000 employees provide services in over 170 countries through our many global offices, at our client sites, from home offices and in state-of-the-art laboratories. We're growing fast, and that's where you come in. Come join our team.

Position Summary:

The Information Security Analyst - Governance Risk and Compliance will report into the Information Security Director and will take an active role in the Govern function of the "Plan, Build, Run & Govern" model. This position will focus on developed and acquired technology and processes to identify applicable control requirements to protect and enable the business.

Knowledge, Skills and Abilities:


  • Act as motivated team player with excellent analytical, written and verbal communication skills.
  • Quickly analyze and implement information security policies and procedures, and apply various control frameworks (ISO 27001, SOC 2, NIST, etc.) in practice.
  • Communicate with the ability to translate technical and non-technical jargon into commonly understood terminology and present information in a consistent and concise manner.
  • Professionally articulate technical risks in terms of business impact.
  • Demonstrate proficiency in information security domains, including policies and standards, risk and control assessments, access controls, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, and data protection
  • Execute against recommendations and plans by overcoming barriers and resistance

Education and Experience:


  • Bachelor's Degree or equivalent experience
  • 3 - 5 years of experience in a risk, controls and/or audit role with a solid understanding of technology and overall governance and communication
  • Preferred qualifications include:
  • Demonstrated success implementing Information Security control frameworks and standards such as ISO 27001, SOC 2 Type 2, ITIL, GDPR, NIST CSF / 800-53
  • Experience with GRC, IAM, and risk management tools and solutions and information security tools.
  • CISA, CRISC, GIAC, CISM, or CISSP certifications

Job responsibilities include, but are not limited to:


  • Develop, maintain, and lead enforcement of strong information security policy, procedures, standards, and training content
  • Lead and conduct risk assessments and security audits using internal tools and third-party vendor partners where appropriate
  • Lead the planning and execution of readiness assessments and internal / external audits for ISO 27001 certifications and attestations and other U.S. and global security frameworks and compliance requirements (e.g. GDPR)
  • Coordinate timely updates to the Information Security risk register and communicate trends and action plan status as a member of the Information Security Steering Committee
  • Work with Enterprise Security Architect to incorporate Information Security strategies and processes early and throughout the System Development Lifecycle (SDLC)
  • Consult with IT Plan team members on implementing Information Security best practices to help ensure certification and regulatory requirements are met
  • Work with the Director of Information Security to update Vendor Risk Management methodology
  • Develop working relationships with cross-functional teams from Information Technology, Human Resources, Marketing, Legal, and third-party vendors to help ensure security objectives are met and help respond to cyber security incidents
  • Monitor and measure the maturity and effectiveness of information security, privacy, and information security risk management and help develop strategies for improvement
  • Develop and improve process/procedure manuals and related documentation
  • Perform other related work as needed.




