Sr. Third Party IT Risk Analyst

Cargill (Shanghai, China) Posted 15 days ago
Position Purpose & Summary
The Information Security Analyst provides guidance and support for technology risk management & compliance activities within Cargill Corporate Functions and Cargill Enterprises globally at the direction of the Regional and Enterprise Technology Risk & Control Managers (Regional/Business Information Security Officers).
The information security analyst will develop knowledge in Cargill processes, policies, and tools to assist in the identification and management of technology risks. The position will focus on information security principles, threat modeling, and 3rd party risk. The position will collaborate with Cargill’s Technology Governance Risk & Control (TGRC) subject matter experts in the assessment of technology risk and in the implementation and monitoring of effective security controls.
Responsibilities include, but are not limited to, education & consultation, project consultation, assessing technology solutions, and providing regular updates to Unit Stakeholders and the Technology Risk & Control Managers.
Principal Accountabilities
30% - Consulting and Risk Assessment
• Develop relationships with stakeholders to gain consensus on strategies, recommendations, findings and project plans
• Develops an understanding of business goals and frames risk discussions in business terms
• Constructively engages business partners regarding information security issues
• Actively and professionally engages business partners in conversations that drive good risk decisions
• Responds to security inquiries in a timely and consistent manner
25% - Project Consultation
• Facilitates identification / completion of information security project tasks (Project Risk Checklist)
• Provide consultation and interpretation of Global I/T risk management policies
• Coordinate completion of technology risk assessments (e.g. privacy, 3rd party, application)
• Provide consultation in design of controls into business and technology processes
• Collaborate with Global I/T Subject Matter Experts on technology risks/gaps
• Serve as the liaison between business partners and technology teams
20% - Implementation of Security Controls
• Consult and validate the implementation of technology controls
• Collaborate with Technology Risk Analysts on common risks to achieve optimization and coordination of risk management activities
• Provide regular reports on the progress of risk management activities to the Technology Risk & Control Manager and business partners
• Facilitate security incident response activities
• Facilitate the completion and remediation activities of the following Risk Management Processes:
o Risk Exception / Findings
o Network Security Design
o Resiliency Planning
o Third party/Cloud-based technology vendor assessment / management
15% - Monitoring
• Monitor internal / external threat vectors identifying impact to Business Unit partners.
• Monitors compliance of application owner control activities
• Assist audit preparation and remediation activities
• Provide regular reports on the risk management status / activities to the Technology Risk & Control Manager and business partners
10% - Education & Awareness
• Provide Technology Risk & Controls training & awareness
• Prepare / Communicate risk management scorecard

Education, Experience, Skills
Minimum Required Qualifications
• Bachelor's degree in Computer Science, MIS, Computer Engineering or equivalent
• Communication Skills:
o Excellent verbal and written communications skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts
o Must be able to effectively convey information and translate technical terms in a clear and concise manner to both technical and business audiences
o Excellent persuasion and influencing skills (directly & indirectly)
• Effective teaming skills encompassing cross-functional teams, peer relationships, and understanding and appreciating differences
• Excellent analytical, reasoning, and creative problem solving skills
• Demonstrated experience in independently managing priorities & workload effectively and making timely decisions
• Agile learning capabilities.
• Demonstrated efforts to take initiative and drive for results
• Demonstrated customer focus skills and strong interpersonal skills in terms of effective listening, patience, composure, and conflict management
• Demonstrated ability to persevere, adapt to adversity, move forward and drive for results (resilient)
Preferred Qualifications
• 8 years of IT or audit experience
• 3+ years of experience in Risk Management, Information Security, Controls, or I/T Audit practices.
• Information Security certification (e.g. CISSP)
• Knowledge of and ability to navigate and manage risks of cloud-based technology
• Experience in threat modeling – identification of critical assets, threat vectors and protection measures
• Experience in Third Party risk assessments and the management of 3rd party relationships
• Experience with security event management solutions
• Experience with Patch and vulnerability scanning
• Experience with Intrusion Prevention and Detection monitoring
• Experience with networking and infrastructure architecture

