IT Security & Compliance Analyst II

Department:  Information Technology
Date:  Sep 15, 2022

Company Overview

FMC Corporation is a leading specialty company focused on agricultural technologies. FMC provides innovative and cost-effective solutions to enhance crop yield and quality by controlling a broad spectrum of insects, weeds and disease, as well as in non-agricultural markets for pest control. FMC is a globally diverse organization that offers its employees exciting opportunities to work on challenging projects that are important to the achievement of our strategic objectives. Your education and professional experience are valued and put to use from day one. Your success at completing key initiatives can result in a varied, progressive and fulfilling career with FMC. With a corporate culture of innovation, integrity, responsibility and customer intimacy, we foster “The Right Chemistry” in everything we do. We are looking for people to join us in creating, developing, and improving our products, our processes, and our markets.  If you are ready to make a difference every day, FMC is ready to talk to you.


Job Overview and Primary Responsibilities

The FMC IT Security & Compliance Analyst will report to the IT Security & Compliance Manager. This individual will work closely with IT management, key business stakeholders and internal and external audit teams to ensure IT Compliance programs and IT Security deliverables are met to safeguard FMC’s environment while reducing risk throughout the company. This position will implement new solutions and processes using industry best practices and will remediate or mitigate any associated gaps identified.


Major Responsibility Areas (MRAs)  

  • Manage and maintain the global IT Security Awareness program. Create security awareness training necessary to ensure the adherence to FMC policies, standards and overall security controls. Develop anti-phishing campaigns, track global metrics and identify areas for improvement.
  • Conduct training and other awareness activities to ensure global IT sites are compliant.
  • Assist in evidence gathering for ITGC SOX controls including S4 SAP, updates annual control book, identifies gaps, and work with control owners to remediate deficiencies.
  • Interpret audit results and works with key stakeholders to remediated findings.
  • Work with different teams within Corporate and site IT resources to effectively manage their respective controls and security related activities.
  • Assist in the creation, review, and provide periodic updates to IT Policies and Standards.
  • Establish, implement and conduct key periodic reviews over privileged accounts.
  • Implement Microsoft security and compliance controls.
  • Configures, tracks and maintains vulnerability management compliance reports. Identifies and shares recommended remediation for zero day and critical vulnerabilities. Participates in monthly patch review meetings.
  • Identify global IT risks, organizes IT Risk Review Meetings, assists in the creation of the agenda, maintains issue log and ensure issues are mitigated or closed timely.
  • Actively track and communicate restraints, conflicts or gaps in existing processes as well as cross functional team remediation.
  • Perform security cloud assessments and develop and implement cloud security controls.
  • Monitor and track best practices and emerging compliance changes/impacts for continuous improvement opportunities.
  • Ensure FMC handles personal data safely, responsibly and follows all applicable data protection and privacy laws, including the EU General Data Protection Regulation (“GDPR”).
  • Assist FMC management teams to resolve data security and privacy issues.
  • Partner across multiple teams to build and improve the compliance framework for developing and deploying IT systems, infrastructure and policies that adhere to standard privacy practices



  • BS in information technology or related field



  • Minimum of 4-5 years of experience in a combination of IT Risk assessment, IT Controls, IT Audit fields
  • 2+ years in-depth experience in auditing SAP
  • At least one certification is preferred, but not required - CRISC, CISA etc.
  • Technical knowledge of Microsoft E5 Security Bundle; SAP GRC; Windows and *NIX operating systems; Active Directory; 3rd party vendor assessments/SOC 1/2 report review; Privileged Access Management (CyberArk)
  • Working knowledge of applications, databases, SaaS and cloud applications
  • Some knowledge of IAM Solutions, Incident Response a plus.
  • Some knowledge of security control implementation for applicable privacy laws, experience with the OneTrust tool is a plus.


Soft Skills

  • Excellent communications skills with an emphasis on follow-through, tracking and meticulous attention to detail are required
  • Strong analytical and problem-solving skills
  • A self-starter that has the ability to work independently, adjust priorities, and work in a continuously changing environment

Nearest Major Market: Philadelphia