Staff Security Analyst
Company: Intuit
Location: Mountain View
Posted on: June 20, 2022
Job Description:
Qualifications:
- Candidate must have 7+ years working in Governance, Risk and Compliance, including a focus on Third Party Risk Management
- Knowledge of the third-party management lifecycle and its overall business processes, controls and risk exposure (e.g., third party identification, selection, management, termination), and applicable laws and regulations
- Understanding of third-party risks and management practices at financial services institutions
- Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting
- Understanding of regulatory requirements and expectations related to third party risk management
- Understanding of AI Risk Assessment for 3rd Party Engagement for AI/ML Solutions
- Functional knowledge of security domains and information security industry standards and best practices
- Functional knowledge of security regulatory requirements (CCPA, GDPR, PCI, NIST SP 800-53, ISO 27001, SOC 1/2)
- Demonstrated experience with controls definition, development, implementation and assessment
- Knowledge of Cloud security; Cloud Security certification is a plus
- Ability to identify and recommend tools, processes, and software to automate and continuously improve security and compliance practices
- A self-motivated person who can influence and drive cross-functional, cross-geo teams, promoting timely and effective communication
- Exceptional Program Management Skills: how to plan, set and manage to reasonable timelines, while delivering projects that align to the business strategy and priorities
- Provide the leadership and direction to create the environment that motivates a bright and technically diverse organization
- Ability to operate in a highly matrixed environment
- Drive, determination and the ability to overcome roadblocks and initial objections
- Ability to be flexible and adapt in a fast paced and frequently changing environment
- Proven analytical abilities and using data/facts for decision-making
- Third Party Risk Management certification is a plus

Responsibilities:
- Perform complex risk assessments of current and prospective third-party business to assess their control structure and alignment to regulatory, federal/state guidelines and bank requirements, and partner with internal stakeholders to assess the residual risk the third party presents to the company
- Manage residual risk treatment and any identified security issues through the appropriate risk remediation or risk acceptance workflows
- Lead automation and drive end to end remediation of risk reported via existing operating procedures/metrics/dashboards to ensure compliance with corporate security policies and alignment to best practices across industry
- Determine how to leverage other third party technology such as AWS Audit Manager to improve and scale risk assessment
- Act as Third Party Security domain expert to support supplemental consulting and guidance for cross functional security team and business partners
- Continuously execute the vision and drive the maturation of the third-party risk program to support the Information Security Organization's strategic objectives
- Participate in periodic Legal contract reviews as needed to assure that appropriate clauses exist that support the organization's right to audit the security practices of its third parties
- Work with the Third Party Risk Management (TPRM) team to support continuous improvement of the entire vendor lifecycle
- Support the TPRM team and serve as a third party security representative during vendor escalation
- Collaborate with TPRM team, legal and security teams on vendor engagement requiring supplemental security assessment or requirements
- Manage deliverables incorporated into various Third Party Security maturity initiatives and work with partners to implement program improvements
- Oversee continuous improvement of the vendor security risk assessment process in place to support informed decision making around current and prospective third-party suppliers
- Work cross-functionally with Privacy teams to align supplier security assessment efforts to meet regulatory requirements for the protection of Intuit employee and customer data accessed by third parties
- Develop and monitor KPIs, metrics, holistic reporting, and management dashboards
- Coordinate obtaining requested documentation and responding to requests during regulatory examinations of the assigned compliance focus area(s) by federal regulators or other internal or external auditors
- Collaborate with teams to ensure compliance with audit standards and close audit findings
- Monitor changes to the regulatory frameworks and landscape and recommend policy changes that will help the business be proactive in maintaining compliance
Keywords: Intuit, Mountain View, Staff Security Analyst, Professions, Mountain View, California