What are the responsibilities and job description for the Global Cybersecurity Compliance Analyst (Only W2) position at Sovereign Technologies?
Title: Global Cybersecurity Compliance Analyst
Are you the right candidate for this opportunity? Make sure to read the full description below.
Location: Onsite day 1, hybrid in Northbrook, IL (Need Local)
The Global Cybersecurity Compliance Analyst will be responsible for identifying, analyzing, reporting, and ensuring security processes and controls are designed, managed, and assessed for effectiveness to reduce overall compliance risks across the organization.
This role will be part of the Global Cybersecurity Risk and Compliance Management team, reporting to the Global Cybersecurity Risk and Compliance Manager.
JOB RESPONSIBILITIES
The Global Cybersecurity Compliance Analyst candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the skills and competencies necessary to be highly effective in the role. These skills and competencies include:
Identify, document, and conduct compliance assessments and validate the effectiveness of cybersecurity controls across the organization
Communicates assessment issues to team owners and custodians of information risk business partners, or information governance teams and information security teams.
Proactively manage and maintain the UL customer request (questionnaire) process by collaborating with relevant key stakeholders across the organization to complete / respond to cybersecurity-related questions
Partner with IT teams and other key stakeholders (e.g., Legal), advising both on applicable control requirements and potential solutions to address compliance issues
Identify control deficiencies and maintain records of deficiency details including management response documentation and exposure check evidence
Stay abreast of and proactively informed on developing relevant legislative, statutory, contractual, regulatory concerns and evolving compliance control solutions
Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management.
Assist with developing and maintaining compliance and risk monitoring mechanisms such as Key Risk Indicators (KRI), reports on status of risk assessment, control effectiveness issues remediation and internal audit findings
Understands and applies relevant regulatory and legal compliance requirements
Perform other duties as assigned
Requirements
A successful Global Cybersecurity Compliance Analyst candidate will have the expertise and skills described below.
Education, Training and Previous Experience
Candidates will be evaluated primarily on their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:
BS or MA in Business, Computer Science, Information Security, or a related field
2+ years of work experience in information security, especially in an information cybersecurity risk role
2+ years of experience in managing risk and compliance issues, or similar experience managing applications, projects or systems that require identification, evaluation, and remediation of risk
Technical background or demonstrable understanding of a range of operational and IT risks and operations
Strong business background; experience gathering and interpreting risks and associated impacts in the context of financial and operational concerns
Strong understanding of compliance and risk-related issues through demonstrated experience managing information security or regulatory compliance programs, and audits
4+ years of experience with regulatory compliance and information security management frameworks (e.g., International Organization for Standardization [ISO] 27000, COBIT, National Institute of Standards and Technology [NIST] 800)
Desired, but not required:
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)