*Job Title :Information Security Analyst*
*Location :Minneapolis, MN.*
*Mode of interview: Phone/skype*
*Must have an IT background for this role.*
*• Minimum 3 years professional experience, including 1 year working in
area of ITGRC or controls function. • Prior experience in Audit, risk
management, governance, IT security and / or compliance functions • Proven
experience dealing with ambiguous situations, and producing a consistent
result with varied input*
• Knowledge of information risk concepts and practices required
• Knowledge of controls manifestation in large global corporations with
regional and local presence is required
• Experience of working across business units and geographical boundaries
to engage IT, business and team members is required
• Experience communicating conceptual and technical information.
• Experience translating technical data into business impact information.
• Ability to investigate, question and interpret internal and external
security environments is required
• *Knowledge of Frameworks, including PCI, SOX and ISO 2700x*
• Detailed knowledge of ITGRC, Auditing principles / practices is desired
• Good understanding of Vendor management desired
• Good understanding of security frameworks desired
• Good project management skills desired
• Experience with some networking and security technologies such as IPSEC
(Internet Security Protocol), VPN (Virtual Private Network), routers,
switches, firewalls, intrusion detection and prevention, data leakage, WAF
(Web Application Firewall).
• Experience in examining reports on security controls (SSAE-16, PCI-ROC,
Application Security Assessments)
• Execute effective security risk assessments and coordinate with rest of
the Global Privacy and Security Office (GPSO) team in delivering requited
• Contribute continuous improvement to the methodologies and practices of
the GPSO to attain higher capability maturity levels
• Effectively manage third party security risk throughout the vendor
• Appropriately challenge and require high quality findings and issue
definition from regional and local control owners
• Provide support of policy / standards exceptions, report status to
regional and local management, and advise on corrective actions
• Maintain, manage and monitor regional and local compliance to the
internal control frameworks such as the Security Policies and Standards,
SOX, regulatory / legal and other obligations / requirements
• Prepare stakeholder presentations for regional stakeholders and senior
• Provide insight on the deployment of security technology solutions at
vendors, which may include technology for encryption, firewalls,
authorization, authentication, intrusion detection, and gateway security
• Prepares status reports on security matters to analyze security risk and
response of vendor security controls. Monitors and proactively recommends
solutions for correcting issues related to security technology performance
and capabilities of vendors.
• Provides direct support to the business and IT staff for security-related
issues, which may include off hour analysis of vendor security posture.
• Determine and communicate security/privacy risk to partners and leaders
• Demonstrate strong knowledge of IT security controls, security risk and
Thanks & Regards
3736 Hills-Dale Court,
Santa Clara, CA 95051
You received this message because you are subscribed to the Google Groups "SAP
or Oracle Financials" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
Visit this group at https://groups.google.com/group/sap-or-oracle-financials.
For more options, visit https://groups.google.com/d/optout.