We Hire America Jobs

WeHireAmerica.jobs is a service of HR Policy Foundation and DirectEmployers Association. These two non-profit organizations are providing this free resource to help educators, policy makers and job seekers understand the great employment opportunities available here in the U.S. at some of America's biggest and best companies.

Job Information

ADM SECURITY GOVERNANCE ANALYST in Erlanger, Kentucky

80881BR

Job Title:

SECURITY GOVERNANCE ANALYST

Department/Function:

Information Technology

Job Description:

Security Governance Analyst – Erlanger, KY

This role will report to the Director Security Governance & Awareness within Global Information & Cyber Security as a member of the security governance team to help with governance of the Information Security program and security risks. Together with the Director Security Governance & Awareness, this role will reduce risk by continuously reviewing, refining, and recommending improvements to the Information Security operating model, policies, standards, and processes and provide reporting and recommendations to the CTO, CISO, and senior leadership.

Job Responsibilities:

• Develop, maintain, evaluate and implement policies and procedures aligned with both business requirements and legislative changes (i.e. ISO 27001/27002, COBIT 5, NIST CSF, NIS2, GDPR).

• Collaborate with subject matter experts to write policies and standards in line with the ADM Control Framework, based on NIST CSF, ISO 27001/27002, SCF (Secure Controls Framework).

• Lead control assessment activities addressing security and regulatory requirements, engaging appropriate business units and personnel to plan and execute the ADM Control Governance program, documenting gaps/vulnerabilities and driving risk identification and intake.

• Manage and maintain GICS SharePoint sites for security awareness, policies, standards, training, newsletters and reporting of threats.

• Analyze, implement, review and update security policies, standards, and controls, collaborating with leadership to develop and implement security policies and standards aligned with enterprise objectives.

• Collaborate with subject matter experts to align security and compliance requirements with emerging business needs.

• Participate in the development and implementation of security awareness program training, materials, and events. Develop and deliver content to educate the business about the ADM Control Framework and other organizational programs.

• Manage Global Information & Cyber Security SharePoint Site, Yammer and Social Chorus, including all security awareness newsletters, videos, promotions, team updates, policies and standards.

• Develop and communicate guidelines for enterprise security practices.

• Assist with control design and implementation for the ADM Control Framework, including tracking and reporting progress, security control gaps, and metrics.

• Proactively identify and collect appropriate and meaningful metrics to be reported in order for the business leaders to make appropriate risk based decisions.

• Monitor compliance with security policies and standards across the organization utilizing reporting and metrics, driving process improvement.

• Compile, review, and analyze security information to provide recommendations, metrics, and reports for management review and decision making.

• Facilitate and manage security policies, policy exceptions, standards, procedures and guidelines.

• Document and track requests for variance from standards. Monitor risk mitigation processes and progress until variances are closed.

• Actively stay aware of processes and methods for identifying and addressing non-compliance to information security standards and communicate the findings clearly to business areas.

• Collaborate with key business units and capability stakeholders, including, but not limited to, Privacy, IT, Internal Audit, InfoSec, Corporate Security, and HR to develop and improve Information Governance across the enterprise.

• Establish security metric baselines and generate reports reflecting current performance against those baselines using Power BI.

• Document narrative summary and analysis of the metrics.

• Review, track and update company standards for compliance with legal and regulatory requirements. Work with subject matter experts to maintain documentation; modify or create new security standards as needed.

• Monitor compliance with security policies and standards across the organization utilizing reporting and metrics. Drive compliance improvement to processes.

• Document and track requests for variance from standards. Monitor risk mitigation processes and progress with the clients until variances are closed.

Job Requirements:

• BA/BS degree or higher or equivalent experience.

• Minimum of 3-5 years of experience in security and IT/OT related fields. Specifically 2-3 years of experience in a GRC discipline.

• Experience managing SharePoint sites (web development), posting updates and configuring sites and forms.

• Experience with Security Awareness program management and implementation.

• Basic knowledge and understanding of:

  • risk assessment and control methods.

  • end-user computing tools, hardware, application software, network, communications and mobile technologies.

  • information security policies, standards and processes.

  • electronic record retention policies and standards.

• 2-3 years of experience with regulatory requirements and frameworks such as ISO 27001/27002, PCI, CIS CSC, SOX, HIPAA, COBIT, GDPR or NIST Cyber Security Framework (CSF).

• SANS 401 (can be obtained after employment).

• Proven success implementing security policies, standards, and/or controls.

• Ability to translate strategy into actionable plans that impact organizational change.

• Familiarity with complex multi-national companies and distributed business models.

• Experience in one or more of the following areas preferred: network administration, systems administration, SDLC/secure soft, encryption, asset management, identity and access management, Audit, Governance Risk & Compliance, IT Operations, Security Risk Management.

Desired Skills:

• Practical experience implementing NIST, ISO, or other industry standards.

• Certifications such as CISM, CISSP, CISA, or CRISC.

• Experience using a GRC tool (i.e. Archer, Lockpath, OneTrust).

• Experience using policy workflow software such as PolicyTech.

• Strong understanding of vulnerability management.

• Understanding of security technologies such as firewalls, IDS, IPS, encryption, IDAM, SIEM, etc.

• Understanding and knowledge of Sarbanes-Oxley, NIS2 Directive, GDPR (General Data Protection Regulation), LGPD and IT General Controls. Knowledge of third party auditing, such as cloud, and risk assessment methodologies.

City:

Erlanger

State:

KY - Kentucky

Ref ID:

#LI-SU1

About ADM:

ADM unlocks the power of nature to enrich the quality of life. We're a premier global human and animal nutrition company, delivering solutions today with an eye to the future. We're blazing new trails in health and well-being as our scientists develop groundbreaking products to support healthier living. We're a cutting-edge innovator leading the way to a new future of plant-based consumer and industrial solutions to replace petroleum-based products. We're an unmatched agricultural supply chain manager and processor, providing food security by connecting local needs with global capabilities. And we're a leader in sustainability, scaling across entire value chains to help decarbonize our industry and safeguard our planet. From the seed of the idea to the outcome of the solution, we give customers an edge in solving the nutritional and sustainability challenges of today and tomorrow. Learn more at www.adm.com.


#LI-Onsite


#IncludingYou

Diversity, equity, inclusion and belonging are cornerstones of ADM’s efforts to continue innovating, driving growth, and delivering outstanding performance. We are committed to attracting and retaining a diverse workforce and to creating welcoming, truly inclusive work environments — environments that enable every ADM colleague to feel comfortable on the job, make meaningful contributions to our success, and grow their career. We respect and value the unique backgrounds and experiences that each person can bring to ADM because we know that diversity of perspectives makes us better, together.

We are committed to ensuring all qualified applicants receive consideration for employment regardless of race, color, ethnicity, disability, religion, national origin, gender, gender identity, gender expression, marital status, sexual orientation, age, protected veteran status, or any other characteristic protected by law.

We welcome everyone to apply, especially those individuals who are underrepresented in our industry, as we strive to ensure our workforce represents the world that we help to feed: people of color, women, gender non-conforming, LGBTQIA+, veterans and persons with disabilities. For more information regarding our efforts to advance Diversity, Equity, Inclusion & Belonging, please visit our website: Diversity, Equity and Inclusion | ADM (https://www.adm.com/en-us/culture-and-careers/diversity-equity-inclusion/).


Benefits and Perks

Enriching the quality of life for the world begins by taking care of our colleagues. In addition to competitive pay, we support your diverse needs with a comprehensive total rewards package to enhance your well-being, including:

  • Physical wellness – medical/Rx, dental, vision and on-site wellness center access or gym reimbursement (as applicable).

  • Financial wellness – flexible spending accounts, health savings account, 401(k) with matching contributions and cash balance plan, discounted employee stock purchasing program, life insurance, disability, workers’ compensation, legal assistance, identity theft protection.

  • Mental and social wellness – Employee Assistance Program (EAP), Employee Resource Groups (ERGs) and Colleague Giving Programs (ADM Cares).

Additional benefits include:

  • Paid time off including paid holidays.

  • Adoption assistance and paid maternity and parental leave.

  • Tuition assistance.

  • Company-sponsored training and development resources, such as LinkedIn Learning, language training and mentoring programs.

*Benefits may vary for bargained locations; confirm benefit eligibility with your recruiter.
