IT Risk & Compliance Analyst 9/20/2017
Cushman & Wakefield, Inc.
JOB DESCRIPTION SUMMARY
The IT Risk & Compliance Analyst is responsible for assisting with the company's risk and compliance activities, including supporting the company's risk management, compliance, client response, and IT governance processes. The Risk & Compliance Analyst works across the corporation to assist with risk identification and mitigation activities associated with data protection, technology, and third parties. This role is responsible for assisting with activities in support of implementing security/IT controls, and guiding stakeholder organizations, in support of SOX auditing and SSAE-16 SOC2 reports.
The individual is also responsible for understanding the current security posture of the organization's client-facing systems and processes. The Risk & Compliance Analyst participates in responding to client security information requests to effectively communicate the measures C&W takes to protect client information. The individual will collaborate with IT management and service line management to discuss identified risks and mitigating activities.
* Catalog and analyze client-required or requested security practices, allowing Global IT to select improvements to security practices that make the company more competitive.
* Maintain knowledge of, and contribute to, IT General Controls, SOC 1&2 controls, and ISO 27000 security controls.
* Work with and manage security tools, including GRC system and metrics tools.
* Maintain knowledge of the Shared Assessments methodology for vendor assessment, or other such methodologies our clients may use as the basis for their assessments.
* Maintain current assessments of C&W's current global security posture, particularly with respect to client-related information services, using the associated SIG and SIG-lite questionnaires; such services may include C&W, closely held third party organizations, and third party organizations under long-term agreement.
* Develop standard responses for client security questionnaires, particularly those based on the Shared Assessments methodology, for use in building a scalable response process.
* Collaborate with Service Line organizations and Legal in reviewing proposed Master Service Agreements, advising on the risks associated with proposed terms, and proposing mutually acceptable terms.
* Collaborate with Service Line organizations in responding to client security questionnaires, using standard answers where possible, and participating in client security audits.
* Determine, measure, and agree on actions to close "risk gaps" working with appropriate management and client representatives.
* Participate in programs to acquire security certifications or attestations related to client services.
* Work with auditors and vendors who support security maturity development, and with internal and external auditors.
* Lead or participate in various security, risk management, and other initiatives.
* Provide support to strategic IT initiatives, programs, and projects, including client facing programs, to ensure the correct identification and mitigation of IT risks and incorporation of commercially useful security and privacy measures.
* Degree or equivalent work experience in computer science, information systems, or related field
* Certified Information Security Auditor (CISA) or equivalent is required.
* 3-4 years of experience in an IT Risk and/or IT Audit position
* Experience with IT risk standards and industry best practice approaches, such as ISO 27001 / 2, CoBIT, COSO, ITIL, etc.
* Knowledge of IT processes and development life cycle
* Experience in information security
* Excellent communication skills (verbal and written)
* Ability to collaborate with business partners in setting business goals and objectives
* Strong team player
* Strong interpersonal skills and ability to work cross-functionally and across divisions with others
* Knowledge of risk assessment methodologies, IT policies and standards, awareness and training preferred.
* Ability to work in more than one major IT discipline (e.g., distributed computing, networks, financial applications design and development, IT security and business recovery).
* Understanding of Vendor Assessments and Shared Assessments methodology.
* Strong interpersonal skills.
* Experience developing and executing presentations to all levels of management.
* Ability to manage and analyze data.
* Experience raising awareness of security throughout an organization.
* Strong teambuilding skills including promoting cooperation and good working relationships among peers and team members, remaining positive and supportive during change, and building rapport and trust with IT Risk stakeholders and other business partners.
* Involves work of a general office nature; typically includes extended periods of sitting and/or operation of a computer
* Regularly required to talk, hear, and use hands and fingers to write and type
* Ability to speak clearly so others can understand you
* Ability to read and understand information and ideas presented orally and in writing
* Ability to communicate information and ideas in writing and orally so others will understand
* Regularly required to utilize vision abilities, allowing reading of printed material, graphics and computer displays
Cushman & Wakefield is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.