Company: Archer Daniels Midland

Address: Erlanger, KY
Form of work: Full-Time
Category: Information Technology

Job description

Senior Security Governance Analyst ADM Control Framework - Erlanger, KY [Any ADM location is acceptable - Erlanger, KY preferred]
This role will work with the Director Global Security Governance & Awareness within Global Information & Cybersecurity. As part of the Security Governance & Awareness team, this role will help drive and improve the Global Information Security program and the security risk posture of the company. Additionally, this position, together with the Director Security Governance & Awareness, will continually review, refine, and recommend improvements to the Information Security operating model, enterprise policies, standards, and processes, in order to provide reporting and recommendations to the CISO, GTO, and senior leadership to reduce the risk to the enterprise.
Job Responsibilities:
  • Lead efforts to implement ADM Control Framework, including identifying security control gaps (ADM Control Framework consists of NIST-CSF and ISO 27001 / ISO 27002), and produce automated metrics to demonstrate security posture
  • Lead control assessment activities addressing technical and functional security and regulatory requirements. Engage appropriate business units and personnel to plan and execute the Technical Control Governance program. Document gaps and system vulnerabilities; drive risk identification and intake
  • Define technical and operational controls to meet control objectives, and clearly communicate these activities to control owners and operators as well as stakeholders
  • Lead efforts in the ADM Control Framework, creating profiles or identifying groups of controls to be applied for applications and entity controls, based on the risk and type of data involved. The profiles will be used to uniformly apply controls across the organization based on risk and type of data involved
  • Collaborate with control owners and operators to ensure NIST CSF / ISO 27001 controls are implemented throughout the organization effectively
  • Provide reporting of control compliance to leadership upon request and related to laws and regulations as needed
  • Perform security and privacy assessments as needed based on controls, for applications, technology, and vendors as part of the privacy program for all privacy related technology and work with the Chief Privacy Officer on these requests
  • Analyze and be responsible for the implementation, review and update of Global Information & Cyber Security and Global Technology policies, standards, and controls. Collaborate with leadership to develop and implement policies and standards, considering impact to the enterprise. Collaborate with subject matter experts to address new requirements and emerging business needs in a secure manner
  • Oversee, document and track the Policy/Standard Exception Process ensuring that each policy exception is submitted within the guidelines and assessed according to the defined process. Facilitate and monitor the mitigation monitoring and reporting of all exceptions. Facilitate the transfer and smooth handoff of policy exceptions without mitigation to GT Risk Assurance
  • Facilitate the development and implementation of security awareness program training, materials, and events. Develop and deliver content to educate the business about the Technical Control Framework and other organizational program areas
  • Assist as needed in quarterly phishing campaigns which test every colleague with an email address, including working with all stakeholders prior and providing reporting during and after the campaign is completed, then update all trending metrics
  • Support the efforts as needed to compile, review, and analyze security information along with policy compliance as needed to formulate recommendations, metrics, and reports for management review and decision making
  • Support efforts as needed for third-party IT vulnerability assessments and remediation
  • Support partnership with GT Risk Assurance to ensure collaboration, smooth handoffs and constant communication
  • Mentor and develop staff in technical and functional subject areas
  • Support functional teams on proactively collecting appropriate and relevant metrics based on control implementation and policy compliance to be reported in order for the business leaders to make appropriate risk-based decisions
  • Support the monitoring and reporting compliance for all Global Technology security policies and standards across the organization utilizing or creating automated reporting and metrics. Drive compliance improvement to processes and to improve security posture IT standard methodologies and leading practices
  • Perform functions in a timely manner and with utmost level of attention to detail, vitality and thoroughness
  • Actively stay aware of processes and methods for addressing and/or acknowledging non-compliance to information security standards and communicate the findings clearly to business areas
  • Develop and communicate guidelines for enterprise security practices
  • Provide leadership in redefining ADM Global Information & Cyber Security Program
  • Build sound business relationships across the enterprise, Chief Information Security Officer, Chief Privacy Officer, Global Technology Officer, and other Vice Presidents / Managing Directors, to enable a confirmed understanding and close alignment with business needs, direction, and risk appetite
  • Collaborate with key business stakeholders, including, but not limited to, Privacy, IT, Internal Audit, InfoSec, Corporate Security, and HR to develop and improve Information Governance to the enterprise
Required Skills:
  • Minimum of 8 years of experience in security and IT/OT related fields
  • 5 years of regulatory requirements, implementing controls, and frameworks such as ISO 27001, ISO 27002, PCI, CIS, SOX, HIPAA, ISO, NIST and NIST CSF, COBIT, GDPR, LGPD, or NIST Cyber Security Framework (CSF)
  • Practical experience implementing NIST, ISO, or other industry standards
  • SANS 301 or 401 (can be obtained after employment)
  • Three years of experience in a GRC subject area. One year of work in a Governance, Risk, Compliance (GRC) function in a highly regulated environment, may substitute for up to 18 months experience
  • Three years' experience with performing privacy, security and risk assessments on applications, services or technology using an industry framework such as NIST CSF or ISO 27001/27002
  • Knowledge and experience with process flows, process documentation and solid grasp of a process focus in an organization
  • Ability and the experience to produce and automate metrics for policy compliance using tools such as Power BI
  • Experience implementing and/or facilitating a Security Awareness Program, including phishing campaigns
  • Experience in one or more of the following areas preferred: network administration, systems administration, SDLC/secure soft, encryption, asset management, IAM, IT Operations, Security Risk Management
Desired Skills:
  • Certification such as CISM, CISSP, CISA, CRISC, CDPSE
  • Experience using a GRC tool (e.g. OneTrust, Lockpath, Archer, etc.)
  • Solid grasp of risk management and vulnerability management
  • Understanding of technologies such as firewalls, IDS, IPS, encryption, IDAM, SIEM, etc.
  • Understanding and knowledge of Sarbanes-Oxley, GDPR (General Data Protection Regulation) and IT General Controls. Knowledge of third-party auditing, such as cloud, and risk assessment methodologies
  • BA/BS degree or equivalent experience
Relocation assistance is available
EEO
ADM is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability and veteran status.
About ADM:
ADM unlocks the power of nature to enrich the quality of life. We're a premier global human and animal nutrition company, delivering solutions today with an eye to the future. We're blazing new trails in health and well-being as our scientists develop groundbreaking products to support healthier living. We're a cutting-edge innovator leading the way to a new future of plant-based consumer and industrial solutions to replace petroleum-based products. We're an unmatched agricultural supply chain manager and processor, providing food security by connecting local needs with global capabilities. And we're a leader in sustainability, scaling across entire value chains to help decarbonize our industry and safeguard our planet. From the seed of the idea to the outcome of the solution, we give customers an edge in solving the nutritional and sustainability challenges of today and tomorrow. Learn more at www.adm.com.
Refer code: 7458992. Archer Daniels Midland - The previous day - 2023-12-28 12:11
