Information Security Analyst 3

Company Description:

Crown Equipment Corporation is a leading innovator in world-class forklift and material handling equipment and technology. As one of the world’s largest lift truck manufacturers, we are committed to providing the customer with the safest, most efficient and ergonomic lift truck possible to lower their total cost of ownership.

Job Responsibilities:

• Information Security & Privacy Project Management - Oversee, coordinate, and support functional process audit and assessments to ensure process compliance. Develop instructional and procedural documentation and presentations to support and communicate Information Security and Privacy Program strategic objectives. Prepare and maintain policy, standards, guidelines, processes, and procedures based on National Institute of Science & Technology (NIST) and International Organization for Standardization (ISO) best practices while leading framework implementation and ongoing improvement. Work collaboratively with other stakeholders to achieve compliance objectives for the overall program.
• Information Security & Privacy Audit Management - Assess technology related compliance issues across the organization including Information Security, privacy, identity management, user access, and data integrity. Ensure alignment of practices with ethical, regulatory, and commercial requirements with policies and procedures. Build scalable and efficient processes related to corrective actions and product compliance needs.\
• Risk Program Management - Identify, assess, and mitigate risk to company’s technologies and services. Work closely with Information Technology and Engineering teams to develop strategies and plans to assess risks. Work with technical stakeholders to develop and approve risk treatment projects and establish clear objectives for risk mitigation. Track risk items and assist technical teams with prioritization and project scoping for Information Security and privacy program driven risk projects.
• Incident Response Leadership - Lead incident response processes under the guidance of the Director of Information Security. Set goals, priorities, and strategies for the Incident Response Team (IRT) and oversee execution and evaluation of the response actions. Liaise with senior management, external stakeholders, and regulatory authorities, and ensure compliance with legal and ethical obligations.
• Threat Intelligence Program Management - Combine contextual knowledge about the overall threat landscape with analytical skills to gather information to monitor, assess, and report on risks that could affect the company. Conduct private data collection and open source intelligence (OSINT) evaluation to synthesize a range of sources to build out a complete picture of a risk posture that informs the actions the company takes to mitigate these risks. Produce short-term and long-term evaluations so compliance and IT teams better understand what to expect from a threat perspective, and what they can do to get ahead of any potential attacks or data breaches. Perform other duties as assigned.

Minimum Qualifications:

• 5-7 years related experience
• Bachelor’s degree (Information Technology, Cyber Security, Computer Science) - Non-degree considered if 12+ years of related experience along with a high school diploma or GED

Preferred Qualifications:

• 10+ years of related experience.
• Expertise in various Information Security & Privacy Frameworks such as the Secure Controls Framework, NIST CSF, NIST 800-171, NIST 800-53, NIST Privacy Framework, ISO-27001, ISO-27701, GDPR, US & other global privacy regulations.
• Work experience in other Information Security, Privacy, and/or Information Technology disciplines such as software development, help desk, networking, systems administration or similar in conjunction with professional certifications such as CIPP, CIPM, CIPT, CCSP, CGRC, CRISC, CDPSE, CGEIT, CISA, ISO Lead Implementor, ISO Internal Auditor, and AWS Associate or Professional level certifications.
• Cyber, Information Security, and/or privacy internal audit experience.
• Intermediate or higher level of knowledge in at least one scripting or software development language such as PowerShell, Bash, Java, or Python.
• Good written and oral communication skills, deductive reasoning, and analytical investigative skills.
• Good interpersonal skills to facilitate positive relations between business groups.
• Good leadership, decision-making, and communication skills, as well as a broad knowledge of the Company’s business and security objectives

Work Authorization:

Crown will only employ those who are legally authorized to work in the United States. This is not a position for which sponsorship will be provided. Individuals with temporary visas or who need sponsorship for work authorization now or in the future, are not eligible for hire.

No agency calls please.

Crown offers an excellent wage and benefits package for full-time employees including Health/Dental/Vision/Prescription Drug Plan, Flexible Benefits Plan, 401K Retirement Savings Plan, Life and Disability Benefits, Paid Holidays, Paid Vacation, Tuition Reimbursement, and much more.

EO/AA Employer Minorities/Females/Protected Veterans/Disabled