Cybersecurity Analyst - Application Security

Sims Limited (Sims) is a global leader in metal and electronics recycling, and an emerging leader in the renewable energy industry. With facilities across the globe, Sims plays an intrinsic role in the circular economy by making resources available for future use. As a responsible corporate citizen, we continuously seek new ways to broaden our participation in the environmental sector, ensuring that our future is as bright, safe, and secure as at any time in our long history.

With a promote-from-within philosophy and a variety of programs available to support continuous learning, Sims offers the opportunity for a rewarding career. We are committed to the ecologically sound and sustainable use of resources and strive to operate in a manner that minimizes waste and protects the environment.

GRC Duties

• Proficient with GRC (Governance, Risk & Compliance) access management tools (e.g., Saviynt EIC)
• Provisioning/deprovisioning users into enterprise ERP applications (including S4/HANA, D365, etc.) or ability to onboard target applications into Saviynt EIC tool
• Familiarlity with provisioning emergency access (Firefighter) and priveledged access management (PAM)
• Experience with management and monitoring of privileged access to all SAP applications, and other cloud-based applications
• Identification and reporting of user segregation of duty (SoD) issues accross global applications.
• Working with internal/external auditors to resolve security issues
• Research and document cybersecurity policy exceptions and ensure compliance
  
  

Cybersecurity Duties

• Work with our MSSP to preview and prepare vulnerability reporting for distribution to our Infrastructure team for rememediation.
• Assist with updating and maintaining cybersecurity policies and standards regarding compliance, education, and security awareness
• Set up, deploy, and report on phishing camkpaigns and remediation training.
• Prepare bi-annual cybersecurity awareness training and work with LMS department to set up cybersecurity content from our training partner.
• Work with information systems stakeholders and administrators to understand their security needs.
• Assist with maintaining our IT policy library and annual policy review/renewals.
• Perform research for best practices cybersecurity practices and developing new IT policies to address current security trends.
  
  

Core Responsibilities

• Ability to work both alone and as part of a team environment.
• Work with our users to ensure compliance with all corporate IT policies, procedures, and initiatives.
• Stay up to date with the latest Cybersecurity and GRC vulnerabilities and software.
  
  

Key Performance Indicator (KPIs)

• Ability to analyze and access vulnerability scanning and penetration reports
• ERP user provisioning and de-provisioning in a large-scale environment
• Time to resolve security incidents
• Technical writing ability
  
  

Experience / Qualifications Required

• Cybersecurity certifications preferred
• AA or bachelor’s degree preferred
• Minimum of 2 years’ experience in IT security in an enterprise environment
  
  

Skills

• Working experience with provisioning cloud applications (e.g., S4/HANA, D365, etc.)
• Cybersecurity skills including analyzing vulnerability reports for determining a remediation plan.
• Technical writing including policy and procedural documents.
• Knowledgeable with MFA and authentication processes and protocols
• Familiarity with authentication services, as well as PKI and token/certificate-based authentication, DNS, and AD structure
• Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling, CIS)
• Understanding of security frameworks such as ISO 27001, NIST CSF, GDPR, etc.
• Meaningful hands-on experience with GRC tools and SAP is required.
• Security awareness and phishing campaign management and reporting
• Working knowledge of vulnerability management processes and KPI’s
• A thorough understanding of technology, tools, policies, and standards related to security systems and incident response
• Solid technical knowledge of Windows and networking environments
  
  

CORE COMPETENCIES

• Support onboarding/configuration of Disconnected and Connected application to Saviynt
• Support risk remediation and mitigation campaigns using Saviynt
• Support access reviews using Saviynt
• Support ruleset management in Saviynt
• Strong colorabation skills for working with application stakeholders on application security
• Ability to work in global time zones including NA, APAC, and EU as needed. Primary work will be in NA (Chicago)
• Ability to clearly communicate information security matters to managers, auditors, end users, and engineers
• Ability to quickly understand systems to identify and validate security requirements.
• Strong analytical skills, documentation creation skills (presentations and policies), and awareness of change management practices
• Handle highly confidential information in a strictly professional manner
• Able to work outside of regular business hours as required, working with different time zones regularly.
• Assist with interactions with business leadership and users to gather and document business and technical requirements (both functional and non-functional)
• Ensure proper documentation and traceability of the business requirements through the solution design and delivery process
• Provide problem resolution of customer issues reported via the IT Service Desk System
• Assist with updating and maintaining cybersecurity policies and standards in regard to compliance, education, and security awareness
• Willingness to learn and expand knowledge and capability in new areas as needed
  
  

Planning & Project Management

Plan and complete tasks, goals and projects with short to medium-term impacts, keep own and team's work aligned with business goals, accountable for completion of own and team’s tasks and goals, keep information organized and accessible, work systematically and efficiently, manage resources efficiently, create contingency plans

Business & Job Knowledge

Understand own and team's duties and responsibilities, has necessary technical skills, has necessary job and product/market knowledge, keep job and product/market knowledge current, understand and communicate policies and procedures applicable to self and team

A career with Sims provides you with the opportunity to work with an organization whose goal is to be the world’s safest and most responsible recycling company. Our people achieve this by creating a zero-harm workplace, being exemplary members of the communities in which we operate, and being responsible stewards of the environment. We also offer competitive pay and a range of attractive benefits.

Sims is proud to be an equal opportunity employer. We value the diversity of all of our employees and are committed to creating an inclusive working environment where everyone can contribute, advance on merit, and realize their full potential. Sims does not discriminate with regard to race, sex, religion, color, national origin, citizenship status, disability, age, marital or familial status, sexual orientation, gender identity, gender expression, veteran status, housing status, source of income, or any other status protected by federal, state, or local laws. This applies to any employment decision, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. Qualified applicants with a disability in need of a reasonable accommodation may request such without fear of reprisal or discrimination.

To achieve our purpose to create a world without waste to preserve our planet, we are guided by our Principles of Purpose: Be Safe Well, Band Together, Be Accountable Transparent, Consistently Innovate, Inspire with Purpose, Celebrate Have Fun.