Risk Analyst

Company Description

Headquartered in Southern California, Skechers has spent 30 years helping men, women and kids everywhere look and feel good. Developing comfort technologies is at the foundation of all that we do—delivering stylish, innovative, and quality products at a reasonable price. From our diverse footwear offering to a growing range of apparel and accessories, Skechers is a complete lifestyle brand.

With international business representing over half of our total sales, we have product available in more than 180 countries and significant opportunities for continued expansion worldwide. We sell our collections direct to consumers through more than 4,450 Skechers stores around the globe and Skechers e-commerce sites, as well as through a network of third-party partners.

A MULTI-BILLION-DOLLAR GLOBAL LEADER IN THE FOOTWEAR INDUSTRY.

Job Description

Skechers USA is seeking an experienced and highly motivated Risk Analyst to join our team. The ideal candidate will have a passion for problem solving, possess a strong knowledge of various risk frameworks and is experienced in compliance management. In this role, you will be responsible for performing internal/external risk assessments, monitoring the operational effectiveness of controls in the environment as well as ensuring Skechers compliance status with applicable laws and regulations.You will also be responsible for working collaboratively with other departments to identify, analyze and mitigate risks. To be successful in this role the candidate must have a strong passion for cybersecurity, is self-driven and takes ownership of tasks, have an appetite for taking new challenges and possess a natural drive and curiosity to contiously innovate and identify areas for process improvement.

 

ESSENTIAL JOB RESULTS-

• Perform security and risk assessments on new and existing systems, processes, technology.
• Support vendor due-diligence process and help to lead and maintain overall third-party management efforts as needed.
• Perform capability and controls maturity assessments and maintain log of mapped inititiatives to track improvement efforts over time.
• Manage risk assessment related remediation activities through proper risk identification, root cause analysis, aggregation of remediation efforts across enterprise and appropriate close out.
• Drive consistency in the way risks are identified, controls are implemented and monitored, and share best practices and learnings across the company.
• Facilitate risk and governance program activities,such as processing risk exceptions, assigning risk ratings as appropriate, performing business risk consultations and providing risk mitigation and remediation recommendations.
• Perform business impact analysis and support ongoing operations related to the maintenance, upkeep and reporting of risks tracked in our Cyber Risk Register.
• Assist in designing, creating, and maintaining risk-based metrics (KPIs) as well as contributing to program reporting.
• Work with various business units to ensure controls are adequate, appropriate, and effective.
• Collaborate to define IT security standards and develop supporting organizational policies as well as support policy lifecycle management.
• Support internal and external audit process for relevant compliance concerns including PCI-DSS, SOX, GDPR at the enterprise level (domestic and international) as needed.
• Support and contribute to enterprise-wide Security Awareness initiatives as needed.
• Interface with global IT and business partners to provide guidance, risk advisory services and support as needed
• Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.

ADDITIONAL RESPONSIBILITIES-

• Other duties as assigned.

SUPERVISORY RESPONSIBILITIES-

• Yes

Qualifications

JOB REQUIREMENTS-

• Significant experience with legal and regulatory compliance standards such as PCI-DSS, SOX, GDPR, HIPAA, CPRA etc.
• Familiarity with ISMS and security frameworks, particularly NIST RMF and CIS Frameworks.
• Great understanding of fundamental information security concepts and technology.
• Experience with IT GRC/IRM platforms (Oracle, RSA Archer, MetricStream, etc.).
• Experience with IT governance, risk, and compliance management in a large, global environment.
• Excellent written and oral communication skills.
• Strong work ethic with attention to detail.
• Ability to excel in a fast-paced and rapidly changing environment.

EDUCATION AND EXPERIENCE-

• 3-5 years of experience in a similar role and/or information security function
• Bachelor’s degree in related field or equivalent work experience.
• GIAC, (ISC)2, or ISACA Certification a plus

QUALIFICATIONS-

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The skills, abilities and physical demands described are representative of those duties that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities, who are otherwise qualified for the job position, to perform the essential functions.

PHYSICAL DEMANDS-

While performing the duties of this job, the employee is regularly required to stand; use hands to finger, handle, or feel, and talk or hear.  The employee frequently is required to walk; sit, reach with hands and arms, and stoop, kneel. The employee is occasionally required to sit for long period of times.  

 

Additional Information

All your information will be kept confidential according to EEO guidelines.

The salary range for this position is $105,000-$130,000