Senior Security Risk Analyst (HYBRID)

McCormick & Company

9d•$87,910 - $153,870•Hybrid

About The Position

The Senior Security Risk Analyst is a key member of the Cybersecurity Governance, Risk, and Compliance team and will report to the Senior Manager, Cybersecurity Governance, Risk & Compliance. This position will be responsible for leading assessments of security risk, establishing security standards, and ensuring compliance against those standards across all disciplines of the information security domain that support McCormick’s global brands and subsidiaries. The ideal candidate has a strong work ethic along with strong organizational, project management, and problem-solving skills. Additional key qualities include the ability to work with others to drive results. This position requires excellent verbal and written communication skills spanning across all levels of management. Candidates must thrive in a demanding, fast-paced work environment that is energetic, driven, and team-oriented. This role will also work with SMEs across the organization to mature/design security controls & mitigate risk.

Requirements

Bachelor’s degree in Information Technology, Information Systems, Risk Management, Accounting or similar
5-8 years of experience related to internal/external audit, information technology, or internal controls
Internal/External Audit, Sarbanes-Oxley, or other internal control (IT or operational) project experiences. Strong verbal and written communication skills, with the ability to effectively communicate complex cybersecurity and IT issues and concepts to non-technical stakeholders
Experience using GRC tool for managing risk and compliance workflows

Responsibilities

Intake and analysis of identified risks from a variety of sources including audits, compliance checks, automated vulnerability systems, and other internally or externally reported risks. Process risk acceptance requests and provide necessary information and analysis to allow business leaders to determine which risks are appropriate
Complete analyses and reports and work with the Senior Manager, Cybersecurity GRC to develop a comprehensive view of risk across the company.
Work with GRC tool to develop and improve workflows and processes related to management of risk
Process policy exception requests as needed or ad-hoc risk analysis as assigned as well as execute a detailed audit plan and identify risk areas, develop action plans, and monitor completion.
Draft clear, concise audit reports that communicate key insights and observations to functional/business personnel and executive leadership.
Demonstrate effective teaming skills with the ability to work independently as needed; leading initiation, execution, and completion to finalization and reporting for key work tasks

Benefits

Competitive compensation
Career growth opportunities
Flexibility and Support for Diverse Life Stages and Choices
Wellbeing programs including
Comprehensive health plans covering medical, vision, dental, life and disability benefits
Family-friendly benefits such as paid parental leave, fertility benefits, Employee Assistance Program, and caregiver support
Retirement and investment programs including 401(k) and profit-sharing plans

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume