Lead Info Security Analyst

Before you apply to a job, select your language preference from the options available at the top right of this page.Explore your next opportunity at a Fortune Global 500 organization. Envision innovative possibilities, experience our rewarding culture, and work with talented teams that help you become better every day. We know what it takes to lead UPS into tomorrow—people with a unique combination of skill + passion. If you have the qualities and drive to lead yourself or teams, there are roles ready to cultivate your skills and take you to the next level.Job Description:The Lead Information Security Analyst performs the role of trusted advisor with technology and business stakeholders to drive, track, and resolve all aspects of compliance readiness. He/She interfaces with IT and business colleagues, and auditors, articulating control implementation and impact, and establishing considerations for maintaining and applying security and compliance concepts to varied technical environments (On premise, cloud). He/She performs a broad range of complex analytical and investigative technical and professional work activities to identify, investigate and assess the information security capabilities of Information Security Programs and IT Systems. This position determines the effectiveness of information security controls, identifies risks and control gaps, process improvements, and solutions through the security governance process. He/she effectively communicate compliance activity results, remediation, and reporting, to a broad audience including peers and senior leaders. He/She contribute to metrics, visibility dashboards for reporting on governance, risk and compliance (GRC) program statuses of IT security and IT regulatory compliance postures. He/She maintains current knowledge of developing technologies and applications. He/she guides and trains colleagues to increase skill sets and knowledge. This position leads work functions to ensure appropriate resource allocation. The Lead Information Security Analyst reports to the Information Security Manager in the Information Security Governance, Risk and Compliance group.Job Duties and Responsibilities:Assesses Risks and Manages Information Security ControlsAssesses risks to I.T. systems’ availability, integrity, and confidentiality to ensure security and service continuity. Provides guidance for information assurance strategies to manage identified risks. Performs or participates in security risk assessments, business impact analyses, and application accreditation assessments to maintain compliance of information systems and to support the achievement of business. Identifies industry best practices, standards, methods, tools, and applications to optimize UPS’s business risk management. Analyzes security audit findings and recommends changes to improve the adequacy and effectiveness of security policies, best practices, procedures, and the security control environment. Evaluates and recommends corrective action plans to meet regulatory compliance and privacy frameworks such as Payment Card Industry (PCI), Sarbanes Oxley (SOX), Civil Reserve Air Fleet (CRAF)/NIST 800/171, General Data Protection Regulation (GDPR).Interfaces with Colleagues, Stakeholders, and Team LeaderMentors colleagues and provides guidance to resolve security and business issues. Communicates identified areas for process improvements and solutions. Develops and presents technical and business solutions to facilitate process improvements. Coaches’ others and provides on-going feedback and support to improve performance.Lead Information Security ProjectsManages Information Security project life cycles to see projects from beginning to end. Creates, prepares, and maintains project plans to estimate resources, plan schedules, define goals, establish metrics, assess risks, and develop cost plans and to provide stakeholder reports. Provides status communications for senior management on issues, concerns, and risks to recommend solutions and to ensure products meet customers' needs. Monitors assigned resources to continuously manage productivity, project timelines, and deliverables. Balances multiple projects and deployment schedules to meet stakeholder goals and expectations. Manages the change control procedure to ensure project deliverables are formally reviewed, completed within planned cost and timeframe, and closed.Professional Experience/Skills:

Experience - Must have four or more years of demonstrable, professional, Information Security experience, with 3 years or more experience in IT compliance/IT audit or Risk Management

Risk Management - Understanding and knowledge of Information Security Risk Management principles

Regulatory Compliance – Experience developing assessment processes for regulatory compliance, along with management of multiple regulatory assessments yearly for various compliance frameworks such as Payment Card Industry (PCI), Sarbanes Oxley (SOX), Civil Reserve Air Fleet (CRAF)/NIST 800/171, CSA Cloud Control Matrix (CCM), General Data Protection Regulation (EU GDPR)

Technical Skills - Very strong technical, analytical, and troubleshooting skills including ability to analyze a problem/project quickly and accurately

Knowledge of regulatory compliance (PCI DSS, GDPR) and security for Containers

Knowledge with cloud compliance solutions provided by at least one of the cloud vendors (Azure, AWS, Google)

Knowledge of Security Controls Frameworks

Management - Demonstrable experience building and leading highly skilled and motivated work teams

Presentation Skills - Must be proficient in presenting to leadership on a regular basis

Influencing - Ability to inform, and educate key stakeholders on priorities and risks in specific agreements or assurance efforts

Creative Problem Solving - Analytical creativity and problem-solving skills, focusing on driving and achieving results in timely fashion. Ability to multitask concurrent work efforts

Confidentiality - Ability to maintain confidentiality is required

Communication - Strong verbal and written communication skills

Organization & Planning - Strong planning and organization skills as well as customer service skills

Demonstrated ability to take initiative, action and exercise discretion when needed

Education:

The Lead Information Security Analyst will possess a Bachelors’ degree in Computer Science, Information Assurance or Risk Management, Cybersecurity, Information Systems, or related field, or the equivalent in education and work experience.

Industry CertificationsMust possess one or more of the following information security certifications or have another certification or advanced degree in information security or related field.

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Certified in Risk and Information Security Controls (CRISC)

Certified Information Systems Auditor (CISA)

Employee Type:PermanentUPS is committed to providing a workplace free of discrimination, harassment, and retaliation.Other Criteria:Employer will sponsor visas for specific positions . UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/national origin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law.Basic Qualifications:Must be a U.S. Citizen or National of the U.S., an alien lawfully admitted for permanent residence, or an alien authorized to work in the U.S. for this employer.Company: UNITED PARCEL SERVICECategory: Info Services ManagementRequisition Number: R23029609Location: Mahwah,New Jersey