Cyber Security Analyst- Information Risk Management
Framingham, MA

Job Description

DescriptionPOSITION SUMMARY:

The Cyber Security Analyst III, Information Risk Management will be responsible for helping with the planning and execution of Staples information risk programs. This includes assessment of risk for Staples business units and affiliates as well as responding to customer requests regarding Staples security posture.

PRIMARY RESPONSIBILITIES:

* Provide support for Information Risk Management
* Responsibility for onsite and remote assessments
* Interface with business units, procurement, legal, customers and vendors to ensure that security goals and policies are enforced and communicated
* Contribute to the development of the GRC digital platform
* Contribute to the evolution of best practices related to information risk
* Develop a deep knowledge of Staples policies, their application to various vendor risk tiers and how they translate to a strong security program that protects Staples customers

QualificationsKNOWLEDGE/SKILL REQUIREMENT:

* Bachelor's Degree
* 5+ years of experience directly related to information technology, networking or software engineering
* Knowledge of IT security control frameworks (NIST CSF, ISO 2700X, PCI DSS)
* Experience with IT compliance programs, audits and assessments
* Excellent communication, writing and interpersonal skills
* Ability to function at all levels of the organization and communicate with all levels of IT, business, vendors, and customers
* Ability to follow existing processes and suggest improvements to them
* Attention to detail and self-organization

PREFERRED SKILLS:

* Ability to work independently
* Experience working in one or more popular GRC platforms (Archer, Service Now, SAI Global)
* Risk assessment, risk review, and project management experience (desirable, but not required)
* Experience with Shared Assessments tools and concepts (desirable, but not required)
* Thorough understanding of IT policies and standards
* Previous work experience in a highly regulated industry (Medical, Financial, Insurance, Government, etc.)
* Working towards major Security Certifications (ISC2 CISSP, SANS GSEC or equivalent)

Staples is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other basis protected by federal, state, or local law.

Staples