First Quality was founded in 1989 and has grown to be a global, privately held company with over 4,000 employees. Its corporate offices are located in Great Neck, New York, with manufacturing facilities and offices in Pennsylvania, South Carolina, Georgia, and Canada. First Quality is a diversified family of companies manufacturing consumer products ranging from Absorbent Hygiene (adult incontinence, feminine care, and baby care), Tissue (bath and towel), and Industrial (print and packaging materials), serving institutional and retail markets throughout the world. First Quality focuses on private label and branded product lines.
We are seeking an experiencedInformation Security Governance, Risk and Compliance Security Analystfor ourFirst Quality Enterprises, Inc.located inGreat Neck, NY.
This position is responsible for Information Security Governance, Risk and Compliance activities across the First Quality Enterprises. This role will assist the GRC team with the management of key Information Security initiatives which change annually, as well as supporting and maturing the First Qualitys Information Security Risk Management Program. The Analyst will support various activities under the following key GRC programs:
Third Party Risk Management
Training and Awareness
Security Policies, Standards, Procedures
Data Loss Prevention
Identity and Access Management
Technology Risk Management
This position has several principal responsibilities as outlined below. This position reports to the Information Security GRC Manager.
Primary responsibilities include:
The Information Security GRC Security Analyst will be tasked with managing strategic Information Security projects which will change annually, assessing third party risks, managing security solutions, auditing/assessing various IT/IS processes and technologies to identify key security risks, manage the remediation/mitigation of identified risks, maturing the GRC program through the implementation of robust processes and eventually a GRC technology. The Analyst will also be tasked with operationalizing the Identity and Access Management Program including technologies such as Microsoft Azure and CyberArk.
Activities include:
Project Management of strategic Information Security projects and programs
Assisting with third party due diligence in the form of risk assessments and platform analysis
Development/modification of Information Security related documentation
Management of the End User Training and Awareness Program which includes roll out of CBTs, phishing simulations, newsletters, in person and web conferencing trainings
Creation and maintenance of weekly, monthly, quarterly, annual security reporting metrics (e.g. user recertifications, phishing simulation failures, compliance with required trainings, USB audits, key risks)
Operationalize the Identity and Access Management Program at First Quality and supporting technologies such as Microsoft Azure and CyberArk
Assisting with the management of Data Loss Prevention alerts and technologies
Maturing the Information Security Risk Management Program by identifying threats and risks to the organization
Formalize the risk register and working to remediate or mitigate risks
Developing and driving the implementation of security best practices and standards to mature the overall IS Risk Management Program which includes defining security controls
Implementing a GRC tool which includes mapping of applicable policies to controls
Responsible for IS self:assessments to ensure systems and applications are complying with First Quality policies, applicable regulatory and legal requirements, and leading industry practices
Participate and support Internal and External Audit activities
Requirements:
Occasional travel: Up to 15
QUALIFICATIONS: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability requ
