IT Security Analyst

Overview

The IT Security Analyst of Crocs, Inc, reporting to the Sr. Manager, Governance, Risk, and Compliance, plays an instrumental role in supporting company GRC strategies and processes. As a key member of the global GRC team, this analyst collaborates with other stakeholders such as Legal, Risk, Internal Audit, etc. align IT and Enterprise risk management framework with business objectives and regulatory requirements. The role requires technical expertise, backgrounds in GRC and applicable frameworks, and situational awareness of global regulatory needs to identify, track, and address potential risks, while proactively enhancing the company's overall GRC posture.

What You'll Do

• Maintain the chosen GRC platform to programmatically capture Cyber/IT risks, timely analysis to enable risk control and reporting.
• Track platform automation of Third-Party Risk Management (TPRM) processes including self-service questionnaires, evidence uploads, results evaluation, workflow facilitation, and other internal requirements through collaboration with key department stakeholders.
• Implement processes to automate and continuously monitor information security controls, exceptions, risks, and testing. Develop metrics, dashboards, and evidence of artifacts.
• Maintain, and oversee implementation and adherence to Cybersecurity and GRC Policies and Processes to ensure compliance with applicable laws, regulations, and chosen industry standard frameworks; communications and training included.
• Track enterprise-wide policies with stakeholders from Legal, Audit, etc. to ensure Cybersecurity and GRC components are accounted for in enterprise-wide policies and processes.
• Document security processes, responsibilities and ownership of the controls in GRC tool. Schedule regular assessments and testing of effectiveness and efficiency of controls and create reports.
• Coordinate with auditors to facilitate audits, assuring IT and Enterprise compliance and address potential issues proactively.
• Work with stakeholders on deficiency remediation of audit or internal control findings.
• Assist IT and other Enterprise organizations to successfully achieve required compliance.
• Serves as a point of contact for IT SOX Audit, interfacing with external auditors and Internal Audit.
• Perform access reviews, certifications, and audits to ensure compliance with regulatory requirements and industry best practices.
• Maintain the chosen GRC platform for managing, tracking, and reporting on Audit and Compliance findings.
• Maintain the Cybersecurity Risk Register and collaborate with stakeholders for inclusion in overall risk reporting and continuous monitoring.
• Work with business owners on known risks for remediation or compensating controls for policy adherence.
• Facilitate documentation and approval process for Risk Acceptance.

What You'll Bring to the Table

• Bachelor’s degree or equivalent experience in Information Technology or related field.
• 2+ years’ experience in cybersecurity as a practitioner, with 1+ years in GRC role. Experience working with other compliance driven teams such as Legal, Audit, etc. IT infrastructure background a plus.
• Demonstrated situational awareness of relevant laws and regulations and frameworks. Familiar with risk management methods and frameworks.
• Strong risk management skills, including the ability to identify, analyze, and effectively mitigate or manage enterprise risks.
• Excellent written and verbal communication skills, with the ability to clearly communicate complex GRC issues and strategies to various stakeholders.
• Solid ability to analyze complex data, interpret compliance requirements, and develop effective solutions.
• Proven negotiation and influencing abilities to secure buy-in from internal and external partners to achieve GRC objectives.
• Proficiency with GRC technology solutions, as well as a broad understanding of information security principles and best practices.
• Dedication to continuous learning, staying up to date with the latest developments in the GRC field, including evolving laws and regulations, emerging risks, and best practices in GRC management.

#LI-Onsite

#LI-MS1