Governance, Risk and Compliance Analyst
US - Remote
Applications have closed
MillerKnoll
MillerKnoll is a collective of dynamic brands that together shape the world we live in.
Why join us?
Our purpose is to design for the good of humankind. It’s the ideal we strive toward each day in everything we do. Being a part of MillerKnoll means being a part of something larger than your work team, or even your brand. We are redefining modern for the 21st century. And our success allows MillerKnoll to support causes that align with our values, so we can build a more sustainable, equitable, and beautiful future for everyone.
The MillerKnoll Governance, Risk, and Compliance Analyst will work collaboratively with the global cross-functional teams to centrally perform Cybersecurity and Privacy compliance, data governance, and risk management functions. The analyst will have primary responsibility for defining, creating, and managing IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational cybersecurity and privacy practices. This position works closely with the Legal, Digital, Audit, Cybersecurity and Technology teams to help ensure that contractual, policy, control, procedural, legal, and regulatory obligations are effectively defined and implemented.
The analyst must be collaborative and flexible while developing solutions that meet changing cybersecurity and privacy requirements and support business function needs. This individual will help grow and mature risk and compliance processes to gain efficiencies and effectiveness in collaboration with all departments to ensure an acceptable risk posture for the organization. This position requires a deep understanding of existing data protection laws and regulations, such as the EU-GDPR and CCPA/CPRA, and must also focus on the broader implications of protections as a function of information/system lifecycle management and security and privacy by design. The analyst must possess high standards of legal and business ethics and a demonstrated ability to understand technology, independently problem solve, analyze large quantities of data, and clearly summarize and communicate facts.
Essential Functions
- Review PCI controls and work with control owners to resolve control design.
- Develop compliance awareness and training for employees.
- Manage the IT policies and procedures lifecycle from development through approval and communication.
- Identify opportunities to reduce the organization's risk by analyzing controls and processes, then recommend remediation actions and controls.
- Prioritize and communicate compliance requirements to technical and non-technical audiences.
- Collaborate with key business partners on remediation strategies and provide guidance to lower/eliminate risk.
- Conduct Privacy Impact Assessments (PIAs) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).
- Support the development of compliance automation to improve business processes.
- Interpret and apply laws, regulations, policies, standards, or procedures to specific issues.
- Work cooperatively with applicable organization units in overseeing consumer information access rights.
- Serve as the information privacy liaison for users of technology systems
- Conduct ongoing privacy training and awareness activities
- Monitor systems development and operations for security and privacy compliance
- Stay current with compliance news and trends relevant to the business and industry.
- Participate in providing support for compliance-related incidents.
- Interface with other business units such as Cybersecurity to communicate program status and overall compliance and training posture.
- Promote a positive security/compliance culture through knowledge sharing, influences, and conduct.
- Create and maintain role-specific documentation.
- Assist with our governance, risk, and compliance projects as time permits.
- Knowledge of Payment Card Industry (PCI) data security standards.
- Knowledge of Personally Identifiable Information (PII) data security standards.
- Knowledge of Personal Health Information (PHI) data security standards.
- Knowledge of Risk Management Framework (RMF) requirements.
- Knowledge of risk/threat assessment.
- Knowledge of laws, policies, procedures, or governance relevant to Cybersecurity for critical infrastructures.
- Knowledge of external organizations and academic institutions with a cyber focus (e.g., cyber curriculum/training and Research & Development).
- Knowledge of controls related to data use, processing, storage, and transmission.
- Skill in applying confidentiality, integrity, and availability principles.
- Skill in conducting information searches.
- Ability to communicate effectively when writing.
- Ability to apply critical reading/thinking skills.
- Interpret and apply laws, regulations, policies, standards, or procedures to specific issues.
- Provide ongoing optimization and problem-solving support.
- Provide recommendations for possible improvements and upgrades.
- Ability to tailor technical and planning information to a customer's level of understanding.
- Ability to work across departments and business units to implement the organization’s privacy principles and programs and align privacy objectives with security objectives.
Education/Experience
- Bachelor's in Information Systems, Cybersecurity, or Business Administration
- 4+ years of relevant experience in Internal Audit, Compliance, or Information Technology
Licenses and Certifications
- One or more compliance certifications are preferred (e.g., CIPP, CIPM, CIPT, PCIP, QSA, CISA)
Who We Hire?
Simply put, we hire everyone. MillerKnoll is comprised of people of all abilities, gender identities and expressions, ages, ethnicities, sexual orientations, veterans from every branch of military service, and more. Here, you can bring your whole self to work. We’re committed to equal opportunity employment, including veterans and people with disabilities.
Tags: Automation CCPA CIPP CISA Compliance GDPR Governance Privacy Risk management RMF
Perks/benefits: Career development Equity / stock options Flex vacation Health care Insurance Medical leave Parental leave