Governance Risk & Compliance Analyst III

Robert Half, San Ramon, CA
$64,000 - $96,000

About The Position

Robert Half, one of FORTUNE’s World’s Most Admired Companies and a Fortune 100 Best Companies to Work For, is hiring for a Governance Risk & Compliance Analyst III to join the Information Security Services team. Responsible for planning, design, enforcement and audit of security policies and procedures which safeguard access to and integrity of RH's global enterprise systems, files, and data elements. Maintain knowledge of changing global regulations, guidance and best practices that would result in recommended policy revisions subject to approval. Identify and advise RH management of critical issues that may affect customer or corporate security objectives. Assist in managing global policies, legal, regulatory, and contractual annual certification and compliance efforts (ISO-27001, SOX, SOC2, HIPAA, PCI-DSS, etc.). Act as security risk advisor leveraging industry experience and skills to meet global regulation timelines aligned to business demands. Facilitate both internal and external audit teams to identify and report on the effectiveness of implemented information protection controls to determine the overall security posture of RH. Maintain security requirements documentation. Contribute and advocate for the ongoing GRC Risk Management program for RH, which will include facilitating risk decisions from stakeholders, tracking risk remediation efforts, developing risk management metrics, and responding to security RFI questionnaires. Evaluate business-related controls for integrating business and information system security and risk mitigation efforts. Develop and implement tools to support automated risk management and compliance efforts.
Works closely with our domestic and international business stakeholders, business and IT management, internal audit, and legal counsel to understand business requirements related to security and regulatory compliance, and to map those requirements to current security and project requirements with intermediate to complex level needs. Ensure that new projects and existing application and system implementations comply with applicable compliance frameworks and RH’s information security requirements. Act as the liaison between Enterprise Information Security (supporting ATI, ESS, ITSS, Protiviti, CIO, CTO) and the Business for any security IT risk, and ensure timely resolution of intermediate to complex issues and initiatives. Provide guidance to functional teams with the implementation, monitoring, and reporting of security control processes, documentation, and compliance measures. Advance relationships with developers and engineers; leverage influencing skills to help accelerate the continuous integration of security tools and best practices into our software development lifecycle (SDLC) across all business verticals. Experience with GRC tools, automation and integration with other applications that are sources of evidence. Promote and manage the communication of best practices for enhanced collaboration among Enterprise Information Security and our large, varied internal development communities. Identify opportunities for security posture improvement, closely partner with the larger EIS organization, and provide advice on a broad range of security strategies. Contribute to and maintain the efficiency, effectiveness and innovation of the program, as well as tracking results.
Actively represent and show presence in the organization as a thought leader and program driver for security awareness, providing useful and meaningful metrics on security effectiveness/exposures. Work with other corporate compliance personnel and the representatives from IT to identify Information Security Policies that require intermediate to complex level creation/updates, and also process exceptions requested for existing policies. Support policy awareness and monitoring activities for sustaining adequate compliance.

Requirements

  • Bachelor's Degree (B.A.) or equivalent combination of education and experience in Information Risk Management, Engineering, Management Information Systems or related curriculum.
  • Requires a minimum of 5+ years' professional work experience, including 4+ years of working knowledge of the information risk management lifecycle, concepts, regulatory compliance activities (e.g. SOX, HIPAA, PCI, etc.), information security, and application of those in multiple IT environments.
  • Basic understanding of systems development life cycle methodologies required.
  • Strong working knowledge of GRC methodologies, risk analytic tools and development of information risk metrics required.
  • Strong working knowledge of executing activities related to Information Security Policy Lifecycle required.
  • Working knowledge of reviewing and responding to prospects and existing client security and compliance questions in RFIs required.
  • Working knowledge of Application Security, Infrastructure security, audit, and control methods.
  • Strong capabilities in gap analysis, review and validation of relevant security and regulatory requirements.
  • One or more professional certifications: CISA or CISM, (ISC)2 CISSP, and/or ISO-27001.
  • Experience working with cloud based technologies such as AWS or Azure.
  • Excellent communication, teamwork, and client service skills.
  • Demonstrates integrity within a professional environment.
  • Strong working experience interacting with external auditors, management, and internal resources to discuss and address security concerns.
  • Self-learner and ability to work in an agile and cross functional environment.
  • Excellent presentation skills.
  • Project management skills.
  • Results-oriented person who can achieve tangible improvements in the corporate security arena.
  • Strong multi-tasking and analytical/troubleshooting skills.
  • Aptitude to prioritize and load balance sensitive projects concurrently.
  • Strong organizational, time management, decision making, and problem-solving skills.

Responsibilities

  • Ensure the continued adoption, maturity, and growth of the following functional areas through adequate planning and sustained execution of required activities: Information Risk Management, Audit Lifecycle, Policy Lifecycle, Compliance.
  • Responsible for planning, design, enforcement and audit of security policies and procedures which safeguard access to and integrity of RH's global enterprise systems, files, and data elements.
  • Maintain knowledge of changing global regulations, guidance and best practices that would result in recommended policy revisions subject to approval.
  • Identify and advise RH management of critical issues that may affect customer or corporate security objectives.
  • Assist in managing global policies, legal, regulatory, and contractual annual certification and compliance efforts (ISO-27001, SOX, SOC2, HIPAA, PCI-DSS, etc.).
  • Act as security risk advisor leveraging industry experience and skills to meet global regulation timelines aligned to business demands.
  • Facilitate both internal and external audit teams to identify and report on the effectiveness of implemented information protection controls to determine the overall security posture of RH.
  • Maintain security requirements documentation.
  • Contribute and advocate for the ongoing GRC Risk Management program for RH, which will include facilitating risk decisions from stakeholders, tracking risk remediation efforts, developing risk management metrics, and responding to security RFI questionnaires.
  • Evaluate business-related controls for integrating business and information system security and risk mitigation efforts.
  • Develop and implement tools to support automated risk management and compliance efforts.
  • Works closely with our domestic and international business stakeholders, business and IT management, internal audit, and legal counsel to understand business requirements related to security and regulatory compliance, and to map those requirements to current security and project requirements with intermediate to complex level needs.
  • Ensure the continued adoption, maturity, and growth of the following functional areas by adequate planning and sustained execution of required activities: Information Risk Management, Compliance, Policy Lifecycle Management, Security Awareness.
  • Ensure that new projects and existing application and system implementations comply with applicable compliance frameworks and RH’s information security requirements.
  • Act as the liaison between Enterprise Information Security (supporting ATI, ESS, ITSS, Protiviti, CIO, CTO) and the Business for any security IT risk, and ensure timely resolution of intermediate to complex issues and initiatives.
  • Provide guidance to functional teams with the implementation, monitoring, and reporting of security control processes, documentation, and compliance measures.
  • Advance relationships with developers and engineers; leverage influencing skills to help accelerate the continuous integration of security tools and best practices into our software development lifecycle (SDLC) across all business verticals.
  • Experience with GRC tools, automation and integration with other applications that are sources of evidence.
  • Promote and manage the communication of best practices for enhanced collaboration among Enterprise Information Security and our large, varied internal development communities.
  • Identify opportunities for security posture improvement, closely partner with the larger EIS organization, and provide advice on a broad range of security strategies.
  • Contribute to and maintain the efficiency, effectiveness and innovation of the program, as well as tracking results.
  • Actively represent and show presence in the organization as a thought leader and program driver for security awareness, providing useful and meaningful metrics on security effectiveness/exposures.
  • Work with other corporate compliance personnel and the representatives from IT to identify Information Security Policies that require intermediate to complex level creation/updates, and also process exceptions requested for existing policies.
  • Support policy awareness and monitoring activities for sustaining adequate compliance.

Benefits

  • group health insurance benefits (medical, vision, dental)
  • FSA and HSA healthcare accounts
  • life and accident insurance
  • adoption and fertility assistance
  • paid parental leave of up to 6 weeks
  • short/long term disability
  • Robert Half provides paid time off for vacation, personal needs, and sick time. The amount of Choice Time Off (CTO) our people receive varies based on their years of service and is pro-rated based on the hours worked per week. A new hire earns up to 17 days of CTO per calendar year. Our people also receive up to 11 paid holidays per calendar year.
  • We also offer the opportunity to contribute to our company 401(k) savings and investment plan or deferred compensation plan (if eligible), with an employer match of 100% on the first 3% of your contributions for eligible employees.