Security Risk Analyst

Job Number: R0002383
Posted On: 04/03/2024
Location: San José, Provincia de San José
Additional Locations: San Jose, San Jose, Costa Rica

Why Catalina?

Catalina delivers omni-channel solutions to our customers with a long-standing history of rich data assets, but our greatest asset is our people. Our guiding principles set the stage for winning in the markets we serve, and our potential is powerful. When you join the Catalina team, you will be part of an inclusive environment that embraces flexibility, community involvement, work-life balance as well as opportunities to grow professionally.

Our Team

The Security Risk Analyst plays a pivotal role in safeguarding our organization against the potential risks posed by third-party vendors and service providers. This individual ensures that all external partnerships adhere to strict regulatory standards and internal policies, prioritizing data privacy and security controls by conducting thorough evaluations and risk assessments. Collaborating closely with internal stakeholders, the analyst facilitates a comprehensive approach to third-party risk management, enhancing the integration of services with a keen focus on security and compliance. Additionally, leading and innovating the Security Awareness Program, the analyst champions a culture of security mindfulness across the organization, educating employees on best practices and mitigating the risks of social engineering attacks.

Responsibilities

  • Evaluate third-party vendors and service providers to identify and mitigate potential organizational risks, ensuring compliance with regulatory requirements and internal policies.

  • Work collaboratively with internal stakeholders, including the privacy team, procurement, and business owners, to manage third-party risks effectively, ensuring the secure integration of services and data management.

  • Facilitate the completion and evaluation of third-party risk management forms by vendors, ensuring comprehensive risk analysis before proceeding with partnerships.

  • Participate in and improve the Security Awareness Program, including Phishing campaigns, to educate users on security best practices, contributing to a culture of heightened security awareness and reduced risk of social engineering attacks.

  • Proactively conduct risk assessments to identify potential vulnerabilities and compliance gaps with third-party vendors, focusing on data privacy, security controls, and contractual obligations to safeguard organizational assets.

  • Recommend and implement risk mitigation plans for identified vulnerabilities, ensuring that all third-party services align with the company's security standards and compliance requirements.

  • Monitor and enforce third-party compliance with relevant regulatory standards and internal policies, reducing legal and operational risks.

  • Keep accurate and up-to-date records of risk assessments, mitigation actions, and compliance activities to support audit processes and decision-making.

  • Assist in SOC2 and other relevant audits by liaising with auditors and conducting thorough IT controls testing to ensure the design and operational effectiveness of security measures.

  • Develop and lead the Security Awareness Program, conducting Phishing campaigns and other initiatives to educate and test the workforce, aiming to reduce susceptibility to cyber threats.

  • Compile and analyze results from security initiatives, like Phishing campaigns, to identify trends, report on program effectiveness, and adjust strategies accordingly.

  • Interact with vendors to conduct assessments and ensure the completion of necessary evaluations, emphasizing the importance of security from the onset of vendor relationships.

  • Provide guidance to internal stakeholders regarding the importance of third-party risk management, educating them on the processes and requirements for adding new vendors or services.

  • Continually seek opportunities to improve third-party risk management practices, security awareness programs, and compliance processes to adapt to changing threats and regulatory landscapes.

  • Other assigned tasks to support the security program.

Qualifications

  • Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent experience.

  • Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or equivalent certifications focused on risk management, audit, and compliance preferred.

  • 3 to 5 years of experience in conducting risk assessments, managing third-party risks, and ensuring compliance with relevant standards and regulations.

  • In-depth understanding of auditing standards, compliance requirements (e.g., SOC2, ISO 27001, NIST CSF, GDPR), and risk management frameworks.

  • Expertise in evaluating and implementing risk mitigation strategies to address vulnerabilities associated with third-party vendors and service providers.

  • Strong analytical, communication, and project management skills, essential for managing risk assessments, mitigation actions, and compliance activities.

  • Participation in Security Awareness Programs, aiding in Phishing campaigns and security best practices education.

  • Excellent verbal and written communication skills in English, with the ability to effectively communicate with vendors and internal teams globally, ensuring clear and concise interactions across diverse cultural backgrounds.

  • Flexibility to accommodate both U.S. and UK business hours, ensuring effective collaboration with internal and external stakeholders in these regions to support the global operational requirements of our team and partners.

The intent of this job description is to describe the major duties and responsibilities performed by incumbents of this job. Incumbents may be required to perform job-related tasks other than those specifically included in this description.

All duties and responsibilities are essential job functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities.

About Catalina

Catalina is a recognized leader in highly targeted, personalized digital media that drives, tracks and measures sales lift for leading CPG retailers and brands. Powered by the most extensive shopper database in the world, Catalina's mobile, online and in-store networks personalize the consumer's path to purchase, delivering $7.9 billion in relevant consumer value each year. Catalina has no higher priority than ensuring the privacy and security of the data entrusted to us and maintaining the consumer trust paramount to the continued success of our business partners and Catalina. Based in St. Petersburg, FL, Catalina has operations in the United States, Costa Rica, and Europe. To learn more, please visit www.catalina.com or follow us on Twitter @Catalina.

Catalina is committed to investing in, empowering, and retaining an inclusive community within our company. We are dedicated to hiring the best and brightest from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has a seat at the table and a voice to be heard. Our goal is to ensure that all our talented professionals are equipped with support, resources, and the opportunity to excel.

Catalina values your privacy and is committed to protecting your personal information. Please review our privacy policy, which provides details on how we process the data you provided for job applications.

We are proud to be an EEO employer M/F/D/V. We maintain a drug-free workplace.
