| Location | Des Moines, IA |
| Date Posted | August 26, 2020 |
The Governance, Risk & Compliance (GRC) Analyst is a critical position within the Information Security team at Meredith Corporation. Working closely with the GRC team, the Analyst is responsible for building upon and enhancing the GRC portfolio of projects and efforts to raise the overall security posture for Meredith.
This individual will be responsible for the development and maintenance of policies, procedures and reporting to assure compliance with applicable regulatory and internal security requirements and with good InfoSec practices. The GRC Analyst drives risk analysis, risk management and risk registry efforts for various Information Services systems and processes.
The primary goal of this role is to lead specific projects that ensure compliance with regulatory standards and frameworks including, but not limited to: NIST, ISO27001/2, PCI-DSS, GDPR.
They will also liaise with IT, Audit, Risk Management, and the General Counsel to identify, track and provide remediation guidance on new and outstanding issues and report risk metrics to the Director of GRC.
This role will also coordinate with Enterprise IT, Legal, Human Resources, and other business units to gather risk and compliance details, training and assess impact for the purposes of risk mitigation.
Essential Job Functions
Accountabilities, Actions and Expected Measurable Results
Manage regulatory compliance efforts including on-going PCI and GDPR programs.
* Work closely with the GRC team to ensure PCI and GDPR compliance standards are met across the organization.
* Interact with IT and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies
* Effectively engages Meredith business partners, suppliers and vendors to properly tune and maximize capabilities to leverage risk reduction.
* Maintains expert knowledge in the field of risk management including qualitative and quantitative risk management, information inventory management, data collection and analytics.
Policy development and enhancement to support the organization's risk posture
* Must stay current with industry, regulatory, and legal requirements relevant to the processes associated with incident management.
Management of InfoSec risk and associated reporting of risk metrics to the Director team.
* Assists in the coordination and completion of information security metrics and reporting
Contract management and negotiation on security language in vendor contracts
Work closely with legal and procurement on contract negotiation and management.
Minimum Qualifications and Job Requirements | All must be met to be considered.
Bachelor's Degree or equivalent training or experience.
Minimum 4 years of progressive experience in security and compliance management programs; interactions with and support of clients; risk management and other GRC responsibilities within a large organization, preferably within a professional services firm or similar.
Specific Knowledge, Skills and Abilities:
- Working knowledge of GRC tools such as One Trust.
- Knowledge of industry regulations and standards (e.g. PCI, GDPR, ISO, NIST) as well as core technology infrastructure (e.g. firewalls, VPNs, servers, databases, Internet technologies).
- Proven experience interacting with regulators, internal auditors and/or external auditors.
- Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, and ISO standards.
- Must have the ability to influence others and work at all management levels across the organizational structure.
- Must have demonstrated experience with managing information security functions, including governance, frameworks, processes, tools, scorecards, and dashboards under aggressive deadlines and with competing priorities.
- Preferred certifications include: CISA, CISSP, CISM, CRISC.
% Travel Required (Approximate): None