Lead Analyst, Cybersecurity Governance

As a Lead Analyst, Cybersecurity Governance, you will hold a pivotal role in assisting with building and implementing governance frameworks tailored to our on-site and SaaS environments, including policies, standards and controls, in accordance with legal, regulatory, and contractual requirements. Additionally, in this role you will perform as a listening post with external teams to identify gaps and trends, and emerging risks in our technology and cybersecurity programs. The right person for this role will possess a deep understanding of technology and cybersecurity frameworks and regulations and have experience applying them in a highly regulated environment.

Members of the Cybersecurity Governance team are motivated, detail-oriented, and thrive in a collaborative environment where they will add value to key business partners. This position will require you to be adaptive, willing to drive change and innovation, and work in a fast-paced environment requiring collaboration and the ability to organize and prioritize assignments.

Responsibilities:

• Draft technology and cybersecurity policies and standards with cross-functional input.
• Conduct reviews of technology and cybersecurity policies and standards to ensure they are up to date with regulations and controls.
• Collaborate across the organization on defining and documenting technology and cybersecurity controls and ensuring procedure are documented.
• Maintain and update the controls matrix in alignment with multiple frameworks and regulations.
• Maintain and update the GRC tool.
• Interacts with related disciplines through committees, to ensure the consistent application and enforcement of policies and standards across all technology projects, systems and services.

Qualifications:

• Bachelor's Degree with a focus in Cybersecurity, Information Technology disciplines or equivalent experience.
• Minimum of 5 years of experience in cybersecurity, technology audit, risk management, or GRC (Governance, Risk and Compliance)
• Knowledge of cybersecurity frameworks, such as NIST, SOC2, and CIS.
• Knowledge of cybersecurity laws and regulations, industry standards and best practices including GLBA 501(b), NYDFS and PCI.
• Strong verbal and written communication and presentation skills with the ability to prepare and deliver complex data in a way that is concise/understandable.
• Strong organizational skills and the ability to manage workstreams and collaborate with technical teams.
• Ability to identify gaps and non-compliance with a policy/standard.
• Ability to map multiple regulations to policies, standards and controls.

Benefits:

Because we want our team members to bring us their very best every day, we believe they deserve the right opportunities and benefits. That’s why we packed our comprehensive benefits package for full- and some part-timers with:

• Health and wellbeing options for team members and their dependents

• Up to 4% matching 401(k)

• Tuition reimbursement

• Continuing education

• Bonus eligible

• Paid time off

• Paid volunteer time

• And more

Our Company:

OneMain Financial is the country’s largest lending-exclusive financial company, a trusted name in lending for over 100 years. Since 2005 alone, we have looked beyond customers credit scores to lend more than $152 billion to 16.2 million people looking for simple, affordable loans.

With branches across 44 states, we're proud partners of the families and communities we serve. They turn to us to help meet important financial needs, including debt consolidation, medical expenses, household bills and auto purchases. It’s all about doing the right thing – a mission that hasn’t changed for more than 100 years.