Senior Business Security Analyst

Info Security
Requisition # 020212

The Senior Business Security Analyst will drive the development, implementation, and management of a global security risk management program. This position will assist the Manager of Information Security Governance, Risk, and Compliance in achieving operational and tactical goals and plans by ensuring a comprehensive security risk management methodology is in place, and that procedures to perform risk assessment and management activities are repeatable, scalable, and globally appropriate. The Senior Business Security Analyst will be expected to serve as the primary point of contact and subject matter expert for the security risk management tool and resources, as well as to oversee projects related to security risk. The Senior Business Security Analyst will hold primary responsibility for audit activities related to security risk, including attending meetings with customers and auditors as a subject matter expert, coordinating evidence requests, and driving remediation projects through completion for identified issues.


Titles and Number of Associates Supervised:
• No direct reports

Primary External Interfaces:
• Suppliers/Vendors
• Contractors assisting with tool maintenance and development

Primary Internal Interfaces:
• Manager, Information Security Governance, Risk, and Compliance 
• Global Resiliency and Security department
• Department and Program Leads across the Company
• Business Process Owners
• System Owners
• Internal Audit

SCOPE OF RESPONSIBILITY 
The Senior Business Security Analyst will drive the development, implementation, and management of a global security risk management program across lines of business and geographical locations.

ESSENTIAL FUNCTIONS 
Responsibility:  Build and operationalize the security risk management program to ensure scalability, repeatability, and standardization across geographies, business units, and external partner environments
Tasks:
• Develop risk management policies, standards, and procedures to define how the global security risk management program will operate
• Develop, implement, and communicate risk classification, criteria, and criticality ratings matrices to provide a quantitative approach to measuring security risk
• Define security risk acceptance criteria, and implement a process to document acceptance and regularly reassess accepted risks for changes
• Manage the security risk variance process, including analyzing new variance requests, working with subject matter experts to measure the resulting risk and identify compensating controls, and maintaining a database of all variances  30%

Responsibility:  Perform risk assessments over business areas, geographies, and vendors to identify and remediate security gaps
Tasks:
• Identify critical third party vendors and perform regular due diligence activities to ensure Diebold Nixdorf assets are being appropriately secured and required controls are in place
• Liaise with all areas of the organization to identify, assess, and manage potential internal security risks and drive accountability for risk reduction efforts
• Ensure proper security controls are embedded throughout the organization’s services, processes, and systems
• Track identified risks through remediation or acceptance

Responsibility:  Develop and maintain security risk management tools and resources
Tasks:
• Work with technical experts to implement and maintain the security risk management tool
• Manage and maintain security risk databases, documents, and risk register
• Develop communications, presentations, and educational resources to help drive greater awareness and understanding of the security risk management program to the overall organization 

Responsibility:  Serve as point of contact and subject matter expert for the security risk management program
Tasks:
• Participate in customer and regulatory audits to explain Diebold Nixdorf’s security risk management methodology and provide evidence of program operation as necessary
• Participate in internal associate education and awareness activities to drive greater awareness of the program and to encourage greater participation and partnership across the organization
• Build strong relationships with other business units and geographies to ensure proactive inclusion of the security organization in new initiatives

• Ideally, at least 3-5 years of experience in security, audit, risk management, IT, or other relevant field
• 2+ years of progressive experience in assessing and/or implementing security controls 
• Knowledge of security frameworks and regulations, such as ISO 27001/27002, PCI, COBIT, NIST, SOX, GLBA, GDPR
• One or more Professional Security or Risk certifications preferred (CISA, CRISC, CISM, CISSP, etc.)
• Familiarity with risk management tool (Modulo, Archer, etc.) preferred

Diebold Nixdorf, Incorporated is an Equal Opportunity Employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, age, national origin, genetic information, disability or protected veteran status.
