Information Security Risk & Compliance Analyst at Kraft Group LLC in Foxborough, Massachusetts

Job Description:

Job Details

Description

SUMMARY:

This role will be responsible for building and implementing programs, policies and practices to ensure that the organization complies with industry and government regulatory compliance. You will liaise closely with internal business units, Legal, HR and other relevant departments to increase security awareness, assess compliance and where necessary, provide support in remediating non-compliant areas.

DUTIES AND RESPONSIBILITIES

• Establish and manage a compliance calendar for training and attestations. Identify and coordinate the delivery of IT security training and awareness for both technical and non-technical audiences.


• Document and communicate policies and procedures as they relate to IT security and risk management to all key stakeholders. Establish and maintain a repository of policies and procedures for internal constituent's use.


• Leverage organizational risk assessment to develop and refine on-going processes and deliverables to improve IT security and compliance. Work collaboratively with external partners on ad hoc risk assessments to focus on specific areas of concern and deliverables. Document and archive vendor risk assessment reviews and attestations.


• Partner with the business unit leadership on standards and regulations, such as PCI DSS, EU GDPR, FDA CFR or new business initiative needs to ensure compliance and completion of any filings or attestations. Act as an advisor to associates and management on specific security requirements, implementations and the impact on business processes, applications and systems as needed.


• Assist in data protection program initiatives


• Communicate identified security risks to appropriate parties to ensure a clear understanding of the risks as well as potential mitigations.


• Provide a monthly report on the status of any compliance activities and remediation efforts. Circulate these findings to Key Stakeholders.


• Remain current and a functional expert in security practices and IT security regulatory compliance.


• Special Projects as needed

SUPERVISORY RESPONSIBILITIES

This position has no supervisory responsibilities.

Qualifications

SKILLS AND QUALIFICATIONS

• Bachelor's degree in information technology related field, management information systems, or business administration


• 3 or more years of experience in information security, governance, IT audit, or risk management


• Strong understanding of security governance, compliance, and risk management principles


• Analytical ability to assess risks, adequacy of controls, and impact upon business processes


• Ability to work and learn independently


• Strong written and verbal communication skills with all levels of management


• Ability to manage multiple tasks concurrently

PHYSICAL DEMANDS

• Sitting for extended periods of time


• Dexterity of hands and fingers to operate a computer keyboard, mouse, and other computing equipment


• The employee frequently is required to talk or hear


• The employee is occasionally required to reach with hands and arms


• Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus


• Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions

WORK ENVIRONMENT

• The noise level in the work environment is usually moderate


• Fast paced office environment


• On-call availability

CERTIFICATES, LICENSES, REGISTRATIONS

• CISA or similar certification


• CISSP or CISM certification preferred


• CobIT or related IT audit experience preferred

OTHER DUTIES

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

This company is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.