Corporate Information Security Analyst (Open To Remote)

Penguin Random House is looking for an Information Security Analyst to join the Corporate Information Security team. The Corporate Information Security team owns the Information Security Management System (ISMS) responsibilities for the company. The Information Security function facilitates Information Security and data governance processes, enables risk-based decision-making, and delivers an Information Security foundation to achieve and maintain legal, regulatory, and contractual compliance.

The Information Security Analyst will be focused on evaluating technology controls, supporting risk assessments, leading audit coordination, and executing control activities related to fraud, training and policy management.

The ideal candidate will have a fundamental understanding of risk and project management, strong business judgement, and excel at explaining complex processes to diverse audiences in a way that drives understanding and ownership.

Who you are:

• Knowledgeable of Information Security standards and best practices.
• Analytical thinker who exercises good business judgment.
• Confidence and willingness to ask questions, raise issues, and concerns in a timely manner.
• High attention to detail, process, and organization with project management skills to ensure accountability and results.
• Strong communication skills with the ability to quickly build rapport with internal and external stakeholders including auditors; demonstrated experience presenting technical concepts to diverse audiences.
• Proficient in managing results when faced with ambiguity or competing approaches regarding the best path to success.
• Ability to adapt to change, including evolving business and technical environments, and manage multiple priorities while meeting deadlines in a fast-paced environment.
• Team player, collaborative work style.
• Self-motivated and able to work efficiently with minimal oversight/direction.

What you will do:

• Assist in the assessment and analysis of the global Information Security Management System (ISMS) requirements, which include risk assessments, control gap assessments, and business impact analysis
• Perform assessments of third-party service providers to identify potential security and privacy risks and to ensure that our vendors comply with relevant internal policies and regulations
• Advise, educate, and train risk owners with the identification, assessment, mitigation, and monitoring of risks to better understand the risk management process and their responsibilities
• Coordinate remediation and risk mitigation activities, including root cause analysis and owning the design, tracking, and progress of action plans across compliance, policy, or process gap remediation activities and risk mitigation activities in partnership with internal business partners
• Support the development of audit plans in partnership with leadership and support internal and external audit engagements according to plan
• Maintain the policy repository and support effective policy communication
• Advise data owners with the data classification, labeling, retention, and deletion requirements to better understand data governance and their responsibilities
• Monitor external threat intelligence information to identify potential fraud or other malicious activity and escalate when necessary
• Enhance cybersecurity awareness by promoting employee education, managing anti-phishing campaigns, and communicating best practices
• Liaison between internal IT teams and business areas to perform security analysis related to the use of new applications and software
• Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to senior management both within security and to our business partners
• Engage in ad-hoc projects as required

Qualifications:

• Recent graduate in the field of Cybersecurity, Information Systems Management, or Risk Management, or at least 2 years of experience in cyber security, technology risk, GRC, or technical compliance roles
• Strong understanding of security concepts and practical usage
• Knowledge of ISO 27001, ISO 27701, NIST cyber framework, PCI-DSS, GDPR, CCPA
• Experience in evaluating and implementing security controls
• Demonstrated history of successfully executing projects with an emphasis on delivering results
• Familiarity with governance, risk, and compliance (GRC) tools
• Ability to obtain an Information Security certification (Security+, CISSP, CISM, etc.) within 12 months of hire

To learn more about our IT Department and their initiatives, visit our Tech Talent site.

For any questions you may have, please refer to our FAQ page here.

The salary for this position is $75,000-$100,000. All positions are currently eligible for annual profit award or bonus, subject to Company results.

Penguin Random House job postings include a good faith compensation range for each open position. The salary range listed is specific to each particular open position and takes into account various factors including the specifics of the individual role, and candidate's relevant experience and qualifications.

Full-time employees are eligible for our comprehensive benefits program. Our range of benefits include, but are not limited to, Medical/Prescription drug insurance, Dental, Vision, Health Care/Dependent Care Flexible Spending Account, Health Savings Account, Pre-Tax and Roth 401(k), Short and Long-Term Disability Insurance, Life/AD&D Insurance, Commuter Benefits, Student Loan Repayment Program, Educational Assistance & generous paid time off.

Penguin Random House is the leading adult and children's publishing house in North America, the United Kingdom and many other regions around the world. In publishing the best books in every genre and subject for all ages, we are committed to quality, excellence in execution, and innovation throughout the entire publishing process: editorial, design, marketing, publicity, sales, production, and distribution. Our vibrant and diverse international community of nearly 300 publishing brands and imprints include Ballantine Bantam Dell, Berkley, Clarkson Potter, Crown, DK, Doubleday, Dutton, Grosset & Dunlap, Little Golden Books, Knopf, Modern Library, Pantheon, Penguin Books, Penguin Press, Penguin Random House Audio, Penguin Young Readers, Portfolio, Puffin, Putnam, Random House, Random House Children's Books, Riverhead, Ten Speed Press, Viking, and Vintage, among others. More information can be found at http://www.penguinrandomhouse.com/.
Penguin Random House values the array of talents and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status.

Company: Penguin Random House LLC

Country: United States of America

State/Region: New York

City: New York

Postal Code: 10019

Job ID: 268553