Cyber Risk Analyst

Levi Strauss & Co. -
Centro (Área 1), CDMX

Postulación rápida

Información del empleo

Tiempo completo
Hace 10 días

Cualificaciones

Administración de personal
Informática
Seguridad informática
Maestría
Respuesta a incidentes
Licenciatura
Seguridad
ServiceNow
Ciberseguridad
Negocios
Gestión de identidades y accesos

Descripción completa del empleo

Job Location: Mexico City, Mexico

Calling all originals: At Levi Strauss & Co., you can be yourself — and be part of something bigger. We’re a company of people who like to forge our own path and leave the world better than we found it. Who believe that what makes us different makes us stronger. So add your voice. Make an impact. Find your fit — and your future.

The Cyber Risk Analyst will be a member of the Cyber Risk & Strategy team. The position is responsible for implementing the cyber risk operational strategy, which includes managing the Governance, Risk, and Compliance (GRC) program, performing internal and 3rd party security risk assessments, driving effective alignment to the Risk Management policy. The position reports to the Manager, Cyber Risk.

About the Job

Responsibilities include but are not limited to:

Implement the cyber risk strategy and advise on critical areas for opportunities and improvement.
Program alignment to ISO 27005, CIS Top 18 Controls, and the NIST Cybersecurity Framework.
Oversees initial project development surrounding new processes and integrating new processes with existing ones. Communicates these changes to impacted clients and other resources.
Leads process improvement and long-term information security solution discussions and presents outcomes in written and verbal format to senior management.
Oversees initial project development surrounding new processes and the integrating of new processes with existing ones. Communicates these changes to impacted clients and other resources.
Support the GRC tool responsibilities, escalating any strategic or large decision-making to the risk manager.
Assist in tiering the backlog of LS&Co. vendors using the defined vendor tiering criteria and perform internal and 3rd party security risk assessments. Prioritize and select controls based on risk assessment frameworks, and partner with internal stakeholders to document each control.
Determine the effectiveness of in-scope controls by implementing the risk management framework aligned to ISO 27005, including management of the security risk policy, control mapping, and implementation of the risk management process in the GRC tool.
Drive the policy lifecycle management process to manage & govern policies, policy lifecycle, attestation, communication, issue and actions, policy processes, and overall governance; manage the Cyber Risk Policy and make revisions as needed.
Manage the day-to-day exception process within the GRC tool for all GIS teams, while maintaining updates to procedures.
Support risk mitigation or risk acceptance efforts while assisting stakeholders to reach a common understanding of the risks and a defined plan to either mitigate or accept the risk(s).
Assist in the assessment and quantification of GIS identified top risks and critical assets by performing risk analysis to increase awareness and facilitate risk identification activities.
Partner with regional BISOs to understand local compliance requirements and perform a risk analysis to support global compliance and other operational risk activities.
Manage risk remediation plans, including setting deadlines, following up on progress, and reporting on outcomes to ensure issues are mitigated and managed, risks are accounted for, and security exceptions are tracked in accordance with frameworks, policies, and standards.
Document and communicate corrective action plans based on risk assessment findings, ensuring issues are mitigated and managed, risks are accounted for, and security exceptions are tracked in accordance with frameworks, policies, and standards. Partner with stakeholders to develop a continuous control monitoring (CCM) approach by leveraging the GRC tool to build custom workflows and metric dashboards to drive action between risk assessments.

Key Results:

Aptitude for understanding internal organizational environments and their relationship to the external business environment.
Ability to develop a complete and deep understanding of business operations.
Understanding of how business initiatives create value and risk for organizations.
Able to effectively analyze risk within the context of business problems.
Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes.
Able to consistently and effectively defend ideas and solutions.
Demonstrates an ability to construct, challenge, and manage choices.
Strong problem-solving and troubleshooting skills.

About You

Minimum Education Required:

Bachelor’s degree in Computer Science, Information Security or related degree

Years and Type of Experience Required:

BS or MA in Business, Computer Science, Information Security or a related field.
Industry security certifications (i.e., CISSP, CISM, CRISC, etc.) or aspiring to receive one within a year.
3+ years of experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.
3+ years of experience performing internal and 3rd party risk assessments.
3+ years of experience with regulatory compliance and information security management frameworks (e.g., International Organization for Standardization [ISO] 27005, NIST Cybersecurity Framework, CIS Top 18, and MITRE ATT&CK.
Experience with Governance, Risk, and Compliance (GRC) tools, preferably OneTrust and/or ServiceNow, etc.

Knowledge, Skills, and Abilities Required:

Detailed knowledge and experience in the following areas:

Knowledge of cybersecurity principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management
Technical proficiency with security-related systems and applications
Experience in developing, documenting and maintaining security procedures
Self-motivated individual that possesses a high level of integrity, honesty, personal accountability
Excellent analytical and problem-solving skills (ability to find innovative ways to resolve problems)
Proven ability to collect, manage, and present data, metrics, and KPIs that tell the story of the company’s security posture.
Excellent communication skills in the new world of remote & on-line working and highly collaborative with the ability to influence across the matrix and to build connections to enable success
Proven skill developing project proposal and business cases in support of IT initiatives.
Strong written and verbal communications, relationship management, project management and management presentation

LOCATION

Mexico, D.F., Mexico

FULL TIME/PART TIME

Full time

Current LS&Co Employees, apply via your Workday account.

Postulación rápida

LOCATION

FULL TIME/PART TIME

Current LS&Co Employees, apply via your Workday account.

Herramientas para candidatos

Herramientas para empresas

Explorar

Mantente conectado