UPS Sr. Information Security - 3rd Party Vendor Risk in Mahwah, New Jersey
Sr. Information Security Analyst
We’re the obstacle overcomers, the problem get-arounders. From figuring it out to getting it done… our innovative culture demands “yes and how!” We are UPS. We are the United Problem Solvers.
About Information Security at UPS Technology:
Our top-notch Information Security team quickly finds and responds to real time threats. These critical-thinkers have a hunger to keep ahead of new exploits and security trends. As a part of UPS InfoSec, you’ll continue to uphold our reputation for integrity in this growing and ever-changing field.
About this role:
The Sr. Information Security Analyst identifies, investigates, analyzes, and remediates information security events to ensure enterprise integrity against technical and physical risks. He/She conducts quality management reviews to evaluate the effectiveness of security controls. This position reports on the controls' effectiveness for mitigating exposure to identified risks. He/She communicates security issues and control gaps through security governance processes. This position implements and integrates risk management procedures across the enterprise. He/She participates in the development and maintenance of business continuity planning, data, systems, and network security for systems & controls related to their job duties.
The Sr. Information Security Analyst will assist in supporting UPS's Risk Management program. He/She will conduct information security assessments and/or compliance reviews on internal UPS systems and third party vendors. The Sr. Analyst will prepare and initiate assessments/audits facilitated by electronic surveys and questionnaire assessments, interviews and security control reviews. He/She will provide support for internal and external security assessments, including gathering and discussing evidence, and tracking remediation responses and activities.
The Sr. Information Security Analyst is expected to perform the following key tasks:
Identifies key points of contact and establishes a communication channel. Collaborates with functional teams on cyber risks and company information security initiatives
Initiates security assessment/audit overview meetings and schedules Q&A sessions
Performs security risk assessments and provides information security awareness
Conducts internal security and confidential information investigations and information usage security audits
Leads and supports enterprise-wide information security and cyber risk assessments with technical and non-technical teams
Manages assessment/audit timeline for questionnaire, interview, evidence verification, and report preparation
Proactively identifies and develops recommendations for information security and cyber risk issues and vulnerabilities by working with multiple teams including privacy, compliance, internal audit, legal, HR, information technology, etc.
Contributes to the development of the information security requirements for vendor and customer security controls to ensure UPS's information assets are protected and that UPS policies, standards and compliance obligations are followed
Ensures all Infosec controls meet company standards for confidentiality, integrity, availability and defense in depth security principles
Provides security control remediation responses where Infosec controls are found to be deficient or non-compliant
Responds to UPS customer inquiries and audits of UPS's security program
Reviews and negotiates InfoSec contractual terms in vendor/customer contracts
Develops and maintains relevant security risk metrics to promote transparency across the organization
Measures, monitors and reports on information security risks to Sr. Management
Performs other duties as assigned
Experience gathering information from a range of different sources, developing and creating search queries
Experience in using InfoSec assessment/audit tools and/or controls questionnaires based on industry-standard frameworks (e.g. NIST; ISO; COBIT; CSA)
Experience with regulatory requirements (e.g. PCI; GDPR; HIPAA; Privacy; NYDFS; etc.)
Experience using GRC tools and technologies in support of the assessment/audit process
Advanced experience with Auditing Controls, I.T. Auditing fundamentals, Cybersecurity Analysis and documentation
Demonstrated experience across information security and cyber risk domains required
Candidate must have excellent organization skills and be a self-motivated learner
CISA, CRISC, CISM, or CISSP certifications (one or more) required
Bachelor's degree in Information Technology, Information Security, Computer Science, Auditing or equivalent
Demonstrated advanced verbal and written communication skills
Excellent organization skills and a self-motivated approach to learning
This position offers an exceptional opportunity to work for a Fortune 50 industry leader. If you are selected, you will join our dynamic technology team in making a difference to our business and customers. Do you think you have what it takes? Prove it! At UPS, ambition knows no time zone.
UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/national origin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law.
Company: UNITED PARCEL SERVICE
Category: Technology, Information Technology, Professional
Requisition Number: 254578
Location: Mahwah, New Jersey