Apply to this job

Back to search

Posted September 8th

Senior Analyst- Governance, Risk, and Compliance

Employer

The Hershey Company

Industry

Supplier

View Full Profile

Posted September 8th

Senior Analyst- Governance, Risk, and Compliance

Job Title: Senior Analyst- Governance, Risk, and Compliance

Job Location: Hershey, PA

Major Duties/Responsibilities:

  • Develop and maintain corporate security policies, standards, guidelines and baselines
  • Identify gaps in the design and operating effectiveness of controls, and identify opportunities for continuous improvement
  • Perform and evaluate information security risk assessments, for various information systems and processes, including annual penetration tests.
  • Develop, monitor, track and report against IT Security metrics and KPIs that help the Leadership understand threats, vulnerabilities and risks associated with protecting information across the enterprise and plans to mitigate those risks.
  • Lead the development and operation of the 3rd party vendor risk assessment program
  • Contribute to the creation of IT and Information Security policies and standards
  • Ensure compliance with PCI, SOX and other global regulations
  • Develop procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
  • Support overall IT SOX 404 program requirements in compliance with information security policies, standards and client security requirements.
  • Track and Ensure adequate and timely resolutions to all audit/review issues relating to security
  • Work directly with business units to identify critical data and ensure appropriate data classification and protection standards are implemented
  • Develop and maintain standards and controls to ensure the protection of data based on classification
  • Manage the attestation program for all IT controls to support assurance and alignment across all information security stakeholders
  • Perform and evaluate information security risk assessments, for various information systems and processes, including annual penetration tests
  • Develop, monitor, track and report against IT Security metrics and KPIs that help the Leadership understand threats, vulnerabilities and risks associated with protecting information across the enterprise and plans to mitigate those risks.
  • Manage and operate the 3rd party vendor risk assessment program
  • Develop and maintain the IT Risk Council and support the ongoing tracking and management of all identified risks and issues
  • Develop and maintain corporate security policies, standards, guidelines and baselines


Minimum Education and Experience Requirements:

Education:

  • BS in Computer Science, Information Security or related field OR equivalent work experience (4 years of experience)
  • Relevant Information Security Certification is preferred CISM, CISSP, CRISC


Experience:
  • 3+ years experience

The Hershey Company is an Equal Opportunity Employer. The policy of The Hershey Company is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual's race, color, gender, age, national origin, religion, citizenship status, marital status, sexual orientation, gender identity, transgender status, physical or mental disability, protected veteran status, genetic information, pregnancy, or any other categories protected by applicable federal, state or local laws.

The Hershey Company is an Equal Opportunity Employer - Minority/Female/Disabled/Protected Veterans
Location
, Pennsylvania