Senior Information Security Business Risk Analyst
Camden, NJ, USA | Campbell Soup Company
Industry: Food & Beverages
Functions: IT / Information Technology
Job Description:
Imagine...working for a company that knows that its people are the key to its success in the marketplace. A company in which achieving extraordinary results and having a stimulating work experience are part of the same process.
We cultivate and embrace a diverse employee population. We recognize that people with diverse backgrounds, experiences and perspectives fuel our growth and enrich our global culture.
We are looking for an individual who enjoys working in a fast-paced, team-oriented environment, likes to be challenged, and values the opportunity to make a difference.
The Senior Information Security Business Risk Analyst will be a vital part of a cross-functional team of risk analysts.
Reporting to the Senior Manager – Information Risk, this role will focus on supporting improvements in the maturity of the overall cybersecurity program through the development of policies and controls. This high-visibility role will conduct IT risk assessments on internal processes and third-party vendors to evaluate the risk profile and develop risk treatment options. The successful candidate will have a proven track record of delivering high-quality risk management and information security initiatives, and the ability to communicate effectively with an executive audience.
Essential Responsibilities Will Include But Not Be Limited To:
Global Information Security Framework Alignment
- Conduct gap assessment against leading practice information security frameworks (NIST CSF, NIST 800-53, ISO27001, etc.) to identify improvement needs for Campbell information security policies and standards
- Coordinate with subject matter experts to develop policies and standards that address the specific information security goals of the enterprise as well as the various compliance requirements
- Establish and oversee a process for periodic review and update of Information Security policies
- Collaborate with other towers within Information Security, including Compliance, Assurance, Security Architecture, and Incident Response, to recommend and document processes and controls that will improve the maturity of the cybersecurity program
- Define metrics, key risk indicators, and key performance indicators to measure the effectiveness of the information security program and to monitor performance over time
- Develop reporting and dashboards for the risk organization to effectively communicate the meaning and business impact behind the metrics developed
Information Technology Risk Management
- Support the Senior Manager - Information Risk in the ongoing execution of the IT Risk Management program.
- Partner with business teams to identify, document, assess and mitigate existing and emerging cybersecurity risks.
- Conduct proactive risk assessments, identify mitigation strategies, and monitor remediation plans in the GRC tool and risk register
- Review audit and other independent assessment findings to ensure that recommended actions are taken appropriately based on risk treatment procedures
- Identify and track risk issues and support risk issue owners in identifying ways to mitigate or remediate risks.
Vendor Information Risk
- Support the review of third parties for compliance with company standards and industry regulations.
- Review application security risk assessments for new or updated internal or third-party applications
- Work with third parties to develop action plans to address identified risks.
- Prepare third-party risk reports to effectively communicate residual risk to business stakeholders.
This Position Requires The Ability To:
- Work on multiple IT Risk Management projects frequently as the subject matter expert
- Work on projects / issues of medium to high complexity that require demonstrated knowledge across multiple technical areas and business segments
- Manage multiple, concurrent project and task assignments, placing proper priorities on tasks and applying attention to detail to follow through on all assignments to completion
- Document and explain information security concepts to both business leaders and technical stakeholders
- Provide thought leadership and communications expertise in the development of policies, standards, procedures, and other communication for the department
- Ensure agreement on risk across multiple levels of the business up to and including Senior Leadership
- Work with business process owners to identify risk concerns, then assess those concerns within internal and external services by interfacing with internal process leads and third-party service providers
We Are Looking For The Following Abilities And Skills:
- Minimum education required: Bachelor’s degree
- Minimum experience required: 5+ years of relevant experience
Knowledge, Skills And Abilities Required
- Experience with ServiceNow GRC preferred, but not required
- Project management, time management, and prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing priority and time to complete each part.
- Previous Information Security or Risk Management experience in a large, complex environment
- Proficiency with cybersecurity management frameworks including NIST, ISO 27001, and COBIT 5
- Experience as a consultant and/or trusted business advisor
- Demonstrated knowledge of networks, desktops, servers, cloud, and software as a service technology
- Demonstrated ability to identify and evaluate risk in accordance with the company and business unit’s overall risk tolerance
- An ability to effectively coach, influence, and convince others to make appropriate changes in their priorities and behaviors for the benefit of the organization
- An ability to communicate risks to employees outside Information Security in a way that consistently drives objective decisions about risk to optimize the trade-off between risk mitigation and business performance.