Corporate Information Security Analyst (Open to Remote)
New York City, US, 10019
Applications have closed
Bertelsmann
International media company and it’s divisions; information for all interested people, journalists and applicants; financial data and business detailsPenguin Random House is looking for an Information Security Analyst to join the Corporate Information Security team. The Corporate Information Security team owns the Information Security Management System (ISMS) responsibilities for the company. The Information Security function facilitates information security and data governance processes, enables risk-based decision-making, and delivers an information security foundation to achieve and maintain legal, regulatory, and contractual compliance.
The Information Security Analyst will be focused on evaluating technology controls, supporting risk assessments, leading audit coordination, and executing control activities related to fraud, training and policy management.
The ideal candidate will have a fundamental understanding of risk and project management, strong business judgement, and excel at explaining complex processes to diverse audiences in a way that drives understanding and ownership.
Who you are:
- Knowledgeable of Information Security standards and best practices.
- Analytical thinker who exercises good business judgment.
- Confidence and willingness to ask questions, raise issues, and concerns in a timely manner.
- High attention to detail, process, and organization with project management skills to ensure accountability and results.
- Strong communication skills with the ability to quickly build rapport with internal and external stakeholders including auditors; demonstrated experience presenting technical concepts to diverse audiences.
- Proficient in managing results when faced with ambiguity or competing approaches regarding the best path to success.
- Ability to adapt to change, including evolving business and technical environments, and manage multiple priorities while meeting deadlines in a fast-paced environment.
- Team player, collaborative work style.
- Self-motivated and able to work efficiently with minimal oversight/direction.
What you will do:
- Assist in the assessment and analysis of the global Information Security Management System (ISMS) requirements, which include risk assessments, control gap assessments, and business impact analysis
- Perform assessments of third-party service providers to identify potential security and privacy risks and to ensure that our vendors comply with relevant internal policies and regulations
- Advise, educate, and train risk owners with the identification, assessment, mitigation, and monitoring of risks to better understand the risk management process and their responsibilities
- Coordinate remediation and risk mitigation activities, including root cause analysis and owning the design, tracking, and progress of action plans across compliance, policy, or process gap remediation activities and risk mitigation activities in partnership with internal business partners
- Support the development of audit plans in partnership with leadership and support internal and external audit engagements according to plan
- Maintain the policy repository and support effective policy communication
- Advise data owners with the data classification, labeling, retention, and deletion requirements to better understand data governance and their responsibilities
- Monitor external threat intelligence information to identify potential fraud or other malicious activity and escalate when necessary
- Enhance cybersecurity awareness by promoting employee education, managing anti-phishing campaigns, and communicating best practices
- Liaison between internal IT teams and business areas to perform security analysis related to the use of new applications and software
- Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to senior management both within security and to our business partners
- Engage in ad-hoc projects as required
Qualifications:
- Recent graduate in the field of Cybersecurity, Information Systems Management, or Risk Management, or at least 2 years of experience in cyber security, technology risk, GRC, or technical compliance roles
- Strong understanding of security concepts and practical usage
- Knowledge of ISO 27001, ISO 27701, NIST cyber framework, PCI-DSS, GDPR, CCPA
- Experience in evaluating and implementing security controls
- Demonstrated history of successfully executing projects with an emphasis on delivering results
- Familiarity with governance, risk, and compliance (GRC) tools
- Ability to obtain an Information Security certification (Security+, CISSP, CISM, etc.) within 12 months of hire
To learn more about our IT Department and their initiatives, visit our Tech Talent site.
For any questions you may have, please refer to our FAQ page here.
The salary for this position is $75,000-$100,000. All positions are currently eligible for annual profit award or bonus, subject to Company results.
Penguin Random House job postings include a good faith compensation range for each open position. The salary range listed is specific to each particular open position and takes into account various factors including the specifics of the individual role, and candidate's relevant experience and qualifications.
Full-time employees are eligible for our comprehensive benefits program. Our range of benefits include, but are not limited to, Medical/Prescription drug insurance, Dental, Vision, Health Care/Dependent Care Flexible Spending Account, Health Savings Account, Pre-Tax and Roth 401(k), Short and Long-Term Disability Insurance, Life/AD&D Insurance, Commuter Benefits, Student Loan Repayment Program, Educational Assistance & generous paid time off.
Penguin Random House is the leading adult and children's publishing house in North America, the United Kingdom and many other regions around the world. In publishing the best books in every genre and subject for all ages, we are committed to quality, excellence in execution, and innovation throughout the entire publishing process: editorial, design, marketing, publicity, sales, production, and distribution. Our vibrant and diverse international community of nearly 300 publishing brands and imprints include Ballantine Bantam Dell, Berkley, Clarkson Potter, Crown, DK, Doubleday, Dutton, Grosset & Dunlap, Little Golden Books, Knopf, Modern Library, Pantheon, Penguin Books, Penguin Press, Penguin Random House Audio, Penguin Young Readers, Portfolio, Puffin, Putnam, Random House, Random House Children's Books, Riverhead, Ten Speed Press, Viking, and Vintage, among others. More information can be found at http://www.penguinrandomhouse.com/.
Penguin Random House values the array of talents and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status.
Company: Penguin Random House LLC
Country: United States of America
State/Region: New York
City: New York
Postal Code: 10019
Job ID: 268553
Tags: CCPA CISM CISSP Compliance GDPR Governance ISMS ISO 27001 Monitoring NIST Privacy Risk assessment Risk management Security analysis Threat intelligence
Perks/benefits: Career development Flexible spending account Flex vacation Health care Insurance Salary bonus Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs