Security Risk Analyst
The Global Security and Privacy (GSAP) team is responsible for developing, implementing, and administering Catalina’s global security and privacy compliance program. With security, risk and privacy concerns so prevalent, the mission of Catalina’s GSAP organization is to protect Catalina’s brand by identifying and reducing risk across the enterprise to improve levels of privacy, cybersecurity, and resilience. GSAP will identify risks, recommend solutions, and handle investigations, breaches, and incidents to ensure Catalina has a trusted and private environment that provides Catalina and Catalina clients the freedom to innovate, grow, pursue strategic goals, and do business anywhere and anytime.
This position will report to the Director Security and Risk with local reporting to the IT Security Manager. The role is mainly focused on Catalina’s security, risk and compliance operations functions. The successful candidate will join a team of highly qualified professionals who collaborate and support each other. The candidate will have the opportunity to grow their knowledge not only in security and risk but in privacy as well.
Security and Risk Analyst
- Function as a representative of GSAP leading by example, being diplomatic yet firm, fair, flexible and consistent in deploying industry-standard information security best practices and applicable laws, regulations, and policies.
- Assisting in evaluating the design and operating effectiveness of Catalina’s business and information technology controls built from industry standards such as NIST, ISO 27001, and PCI DSS, covering technology controls including, but not limited to, Software Development Lifecycle (SDLC), logical security, data interfaces, availability/redundancy, and cyber/information security.
- Preparing supporting evidence and documenting test plans that clearly describe the audit procedures performed, results of testing and conclusions reached for various processes.
- Designing technology diagrams detailing the systems and their dependencies during the audit process
- Assisting with the Department's data collection and analytics efforts and internal reporting preparation.
- Assisting in the development and tracking of control recommendations for corrective action/improvement.
- Work with internal business units, including engineering stakeholders, to identify and continuously improve departmental practices.
- Operationalizing security controls into the day-to-day operations of our engineering teams
- Monitor and demonstrate compliance with organizational policies and practices, as evidenced by strong quality assurance results, and strong performance within standards and related metrics.
- Stay abreast of current issues and obtain continuing education and training.
- Participate in special projects and perform other duties as requested.
- Interact with internal organizations to provide effective risk and control advice, maintaining active communication to enhance risk and control awareness and manage expectations.
- Provide data analysis support for ongoing compliance monitoring
- Maintain up-to-date knowledge about audit controls and techniques
- Utilize innovative ideas and tools to enhance operational effectiveness
- Evaluate and recommend improvements to business practices, processes, and controls
- 2-4 years of relevant experience in technology audit/compliance
- Experience with business process control evaluation and risk mitigation.
- Knowledge of security & privacy principles and common security frameworks.
- Knowledge of network-based services, client/server applications, cloud-based and virtualized environments, mobile applications, enterprise systems and infrastructure, network architecture, and security infrastructure.
- Direct experience with audit and compliance frameworks, e.g., ISO 27001, 2007:2017, PCI, etc.
- Background in IT hardware/software concepts and processes used within the business, covering:
  - Core security concepts
  - Cloud-based services
  - Windows and Linux operating systems
  - Open-source ecosystem (databases, applications, etc.)
- Experience with auditors and the evidence collection process
- Experience with the design and testing of IT security controls in a managed hosting and/or Software-as-a-Service environment
- Experience in building relationships across business functions, locations, and technical stakeholders.
- Self-direction, attention to detail with a passion to solve practical problems while dealing with a number of variables.
- Ability to present ideas/solutions and communicate clearly, concisely, and accurately with others at all levels of the organization.
- Experience in reading the culture of a company, adjusting your style and adapting as needed.
- Collaborative, upbeat work ethic where you both take ownership and have fun.
- Able to meet deliverables and drive your work to completion within specified timelines.
- Great verbal and written communication skills.
- Familiar with GRC (governance, risk, compliance) tools
Catalina is a recognized leader in highly targeted, personalized digital media that drives, tracks and measures sales lift for leading CPG retailers and brands. Powered by the most extensive shopper database in the world, Catalina's mobile, online and in-store networks personalize the consumer's path to purchase, delivering $7.9 billion in relevant consumer value each year. Catalina has no higher priority than ensuring the privacy and security of the data entrusted to us and maintaining the consumer trust paramount to the continued success of our business partners and Catalina. Based in St. Petersburg, FL, Catalina has operations in the United States, Europe and Japan. To learn more, please visit www.catalina.com or follow us on Twitter @Catalina.
All duties and responsibilities are essential job functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities.
We are proud to be an EEO employer M/F/D/V. We maintain a drug-free workplace.