IT Security & Compliance Analyst

Department:  Information Technology
Date:  Dec 20, 2024

Duties: Manage and maintain the global IT Security Awareness program. Create security awareness training necessary to ensure adherence to the company’s policies, standards and overall security controls. Develop anti-phishing campaigns, track global metrics and identify areas for improvement. Conduct training and other awareness activities to ensure global IT sites are compliant. Assist in evidence gathering for ITGC SOX controls including S4 SAP, update the annual control book, identify gaps, and work with control owners to remediate deficiencies. Interpret audit results and work with key stakeholders to remediate findings. Work with different teams within Corporate and site IT resources to effectively manage their respective controls and security-related activities. Assist in the creation, review, and periodic updating of IT Policies and Standards. Deliver expert advice and update KPIs regarding the security status of the company’s environment. Provide guidance on the latest security practices, tools, and technology. Assist in the development and maintenance of the company’s Vulnerability Management Program. Establish, implement and conduct key periodic reviews over privileged accounts. Implement Microsoft security and compliance controls. Configure, track and maintain vulnerability management compliance reports. Identify and share recommended remediation for zero-day and critical vulnerabilities. Participate in monthly patch review meetings. Identify global IT risks, organize IT Risk Review Meetings, assist in the creation of the agenda, maintain the issue log, and ensure issues are mitigated or closed in a timely manner. Actively track and communicate restraints, conflicts or gaps in existing processes as well as cross-functional team remediation. Perform security cloud assessments and develop and implement cloud security controls. Monitor and track best practices and emerging compliance changes/impacts for continuous improvement opportunities.
Ensure the company handles personal data safely and responsibly and follows all applicable data protection and privacy laws, including the EU General Data Protection Regulation (“GDPR”). Assist the company’s management teams to resolve data security and privacy issues. Partner across multiple teams to build and improve the compliance framework for developing and deploying IT systems, infrastructure and policies that adhere to standard privacy practices.

 

Requirements: Requires Bachelor’s degree in Cybersecurity, Information Technology, Computer Science or related field of study, and 3 years of experience in any job title/occupation/position in a combination of IT Risk assessment, IT Controls, Access Management or IT Security fields. Requires each of the following: 3 years of experience working with cross-functional SaaS applications and databases to provide security guidance and assist in the development of best security practices and controls; 3 years of experience with IAM Solutions; 2 years of experience with Microsoft Enterprise Security, Vulnerability Management applications, Windows, Unix and Linux operating systems, Active Directory, and Privileged Access Management (CyberArk); 2 years of experience with Network Security and Incident Response; 1 year of experience working with 3rd party vendor risk assessments and SOC 1 and 2 report review. Requires experience working with S/4 HANA and SAP GRC. Requires at least one of the following certifications: CRISC, CISA, CISSP or CEH. Telecommuting permitted 2 days per week.

 

Work Location: 2929 Walnut Street, Philadelphia, PA 19104

 


Nearest Major Market: Philadelphia