Senior Information Security Risk Analyst United States

The Senior Information Security Risk Analyst (SISRA) provides information security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, mobile devices and networks. The SISRA develops security requirements, conducts security risk assessments, designs security solutions, evaluates application and system architectures, and develops and reviews security policies and standards. The SISRA provides information security risk consulting to business units, information technology (IT) organizations, CCR, and BIG, and supports global operational security functions. The SISRA leads the information security aspects of business initiatives and IT projects to assist in mitigating security risks for information, business, and operational applications and systems across the company. This role serves as a senior staff member of the Information Risk Management (IRM) team, with information security expertise to mitigate information security, BCP and privacy risks to TCCC, CCR, and BIG, including its stakeholders and customers. This individual will lead development of awareness programs and coordinate delivery of IRM services for North America.

RESPONSIBILITIES:

1. Provides subject matter expertise in information security for TCCC Information Risk Management (IRM) Vision 2020 projects. Contributes to the strategic roadmap for TCCC, CCR, and BIG IRM initiatives and measures program effectiveness, including security awareness.
2. Performs application and technology design risk reviews, requirements analysis, testing oversight, risk remediation planning, and security project management.
3. Assists with the development and supports the effectiveness of the IRM Global Information Security (IRM) function through the creation, distribution and delivery of security awareness materials relating to IRM strategy, objectives and goals; integration with business plans; coordination with TCCC, CCR, and BIG groups performing related functions, etc. Develops presentations suitable for communicating IRM progress to employees, third parties and Executive Management.
4. Leads the development and delivery of plans and programs to drive the implementation of IRM strategies across North America. This includes a 3-year plan to achieve “commitment based security” as defined in the USC Marshall School of Business Security Continuum, with particular focus on the communications components necessary to effect the needed culture changes at TCCC, CCR, and BIG.
5. Performs risk management research and analysis that will lead to technical security requirements impacting information security and privacy policies.
6. Assists with and develops TCCC, CCR, and BIG global security and privacy strategy and plan, including ensuring that security deliverables and milestones are achieved.
7. Leads internal and external communication, including security awareness, issue resolution, vendor relationships, testing plans, training plans, and successful transition to additional security teams.
8. Analyzes information security solutions for their effectiveness to drive adherence to information security policy and privacy laws.

QUALIFICATIONS:

• CISSP, CISM, CISA, CCSA, CCSE preferred.
• Computer Science/Information Security advanced degree is preferred.
• 8-10+ years of experience and subject matter knowledge in information security for applications, web architectures, operating systems, databases, and networks.
• 8-10+ years of experience in security risk assessment, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems.
• Ability to create awareness materials and communication directed to employees including technical staff.
• Knowledge and experience in the implementation of security risk management processes and frameworks, such as NIST and ISO guidelines and standards.
• 8-10+ years of demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP and SOX.
• Ability to demonstrate analytical skills, technical knowledge, and practical application of information security principles to business leaders and technical staff.
• Excellent oral and written communication skills.
• Experience in internal processes for working with MSSPs and other externally managed security services.
• Threat intelligence gathering, whether internally or externally, through services such as Cyveillance and iSIGHT Partners.

Honesty and integrity have always been cornerstone values of The Coca-Cola Company. Our passion for people of integrity mirrors our spirited drive for total quality in our brands. These and other elements allow the company to sustain strategic practices and drive business performance. The Personnel Integrity Assurance Program is another step toward making The Coca-Cola Company the premier workplace.

This process includes a pre-employment background investigation that applies to all applicants, employees and contractors of the company. The scope of this inquiry may cover such elements as education, employment history, a criminal history check, reference checks and a pre-employment drug screen.

Designated countries or sensitive positions within the company may have more stringent standards.

At The Coca-Cola Company you can cultivate your career in a challenging and dynamic environment. We are the largest manufacturer and distributor of nonalcoholic drinks in the world, selling more than 1 billion drinks a day. Unlock your full potential with a future-focused company that is known and respected throughout the world.