UPS Lead Information Security Analyst in Mahwah, New Jersey
Lead Information Security Analyst
We’re the obstacle overcomers, the problem get-arounders. From figuring it out to getting it done… our innovative culture demands “yes and how!” We are UPS. We are the United Problem Solvers.
About Information Management at UPS Technology:
Our Information Management teams are responsible for designing and supporting data solutions to meet UPS’s rapidly changing business needs. Our team is comprised of individuals who are experts in data management, compliance and governance. We ensure quality, completeness, availability, protection, understanding and effective use of our data assets. Our ability to organize and design the wealth of data we receive each day provides the foundation which enables many of UPS’ core processes.
About this role:
The Lead Information Security Analyst performs a broad range of complex technical and professional work functions to identify, investigate, analyze, and remediate information security events. He/She leads security administration and service operations' functions to ensure enterprise integrity against technical and physical risks. This position determines the effectiveness of security controls, identifies risks and control gaps, and communicates areas for process improvement and solutions through the security governance process. He/She monitors Information Services (I.S.) security controls to protect enterprise and information assets. This position facilitates collaboration with other functions to identify security and business solutions. He/She guides and trains colleagues to increase skill sets and knowledge. This position leads work functions to ensure appropriate resource allocation. He/She maintains current knowledge of developing technologies and applications. This position leads the development and maintenance of business continuity planning, data, systems, and network security for systems and controls related to their job duties.
The Lead Information Security Analyst will assist in supporting UPSs’ Risk Management Program. He/She will conduct complex risk security assessments and compliance reviews for internal and vendor/cloud supported systems. The candidate will initiate, prepare and review risk assessments facilitated by electronic surveys and questionnaire assessments, Q&A interviews and security reviews. They will be required to determine Information Security compliance posture based on the UPS Policies and Standards, contractual agreement and where applicable, governing regulations or laws and prepare a comprehensive, executive quality risk assessment report.
In some cases, the Lead Information Security Analyst will be required to conduct on-site visits, which may include travel. He/She will work as part of the Risk Management Team and will be called upon to contribute new ideas, solve complex problems, coach and mentor other analysts, innovate processes and streamline methodologies to increase and improve vendor audit effectiveness and information security compliance.
Conduct complex third party risk security assurance on UPS vendors and supply chain partners
Develop new methodologies to search, data mine enterprise vendor database for “high value-high priority” third party vendors
Prioritize vendor audit lists based on Information Security policy criteria
Establish vendor relationships with key points of contact, establish communication channels
Initiate audit overview meetings and manage audit calendar and schedule
Provide executive status reports on assurance program activities, vendor controls deficiencies, and corrective action plans
Identify methods and strategies to overcome program and process challenges
Evaluate emerging technologies and cyber threats to support maintenance and development of new information security requirements for third parties and supply chain partners and ensure UPS's information assets are continuously protected following UPS Information Security standards and compliance obligations
Ensure all vendor controls meet company standards for confidentiality, integrity, availability and defense in depth security principles
Provide immediate security control remediation response in all cases where vendors are found to be deficient or non-compliant
Research and communicate important Information Security, and Regulatory issues to Information Security Management
Coach and mentor other InfoSec analysts
Must have the ability to plan, organize and prioritize personal work to meet deliverables and deadlines
Advanced experience with IT Auditing fundamentals, Information Security Controls, Vendor Cybersecurity Analysis, Cloud Security Controls
Advanced experience using Assessments Program Tools and/or questionnaire based vendor auditing tools, GRC tools and technologies for audit support and vendor governance
Advanced knowledge of Auditing Controls, Business Impact & Risk Analysis, Security Risk Management and Security Risk Mitigation
5 or more years of relevant assurance, compliance and/or audit experience at a large organization
Industry Certifications: (Must possess one or more of the following, or be able to obtain and maintain one or more within six months if currently not certified): • Certified Information Systems Auditor (CISA)• Certified in Risk and Information Security Controls (CRISC)• Certified Information Systems Security Professional (CISSP)• Certified Information Security Manager (CISM)• Certified in the Governance of Information Technology (CGEIT)
Demonstrated experience leading and collaborating with highly motivated and skilled teams
Experience developing and leading highly effective teams
Ability to plan, organize and prioritize personal work to meet deliverables and deadlines
Demonstrated advanced verbal and written communication skills
Advanced aptitude in producing executive security assessment reports and dashboards
- Bachelor's degree in IT Management, Information Systems, Risk Management, Auditing, Computer Science, or related field or the equivalent in education and work experience
This position offers an exceptional opportunity to work for a Fortune 50 industry leader. If you are selected, you will join our dynamic technology team in making a difference to our business and customers. Do you think you have what it takes? Prove it! At UPS, ambition knows no time zone.
UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/national origin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law
Company: UNITED PARCEL SERVICE
Category: Information Technology, Engineering, Technology, Professional
Requisition Number: 255903
Location: Mahwah,New Jersey