Sr. 3rd Party Security Analyst
WestRock (NYSE:
WRK) partners with our customers to provide differentiated paper and packaging solutions that help them win in the marketplace. WestRocks 50,000 team members support customers around the world from more than 320 operating and business locations spanning North America, South America, Europe, Asia, and Australia. Learn more at www.westrock.com. Our technology organization is transforming how we work at WestRock. We align with our businesses to deliver innovative solutions that:
Address specific business challenges, integrate processes, and create great experiences Connect our work to shared goals that propel WestRock forward in the Digital Age Imagine how technology can advance the way we work by using disruptive technology We are looking for forward thinking technologists that can accelerate our focus areas such as building stronger foundational technology capabilities, reducing complexity, employing digital transformation concepts, and leveraging disruptive technology. Location and/or Business/Division Details (if applicable) Sr. Analyst, Third Party Risk & Security Management Norcross, GA Position
Summary:
The opportunity:
WestRock is seeking a Senior. IT Third Party Risk & Security Management Analyst to join a dynamic and exciting group within the IT Third Party Risk & Security Management organization. The main objective for this role will be working on an enterprise program to assess, identify, characterize, document, and lower supply chain and security risks to WestRock and support the overall Security initiatives and goals. They will support and/or own specific process areas within the Third-Party Security, Vendor Access, Audit & Compliance, Risk Management, and On-going Monitoring workstreams. This role will liaison with procurement, legal, business stakeholders, other IT teams, IT management, and third parties to perform the ongoing activities necessary to assess, document, and improve the security of WestRock with third party providers. This includes working with the business to determine and document inherent risk, assessing security risks for potential and existing providers, and working with legal contracts. Additionally, the Sr. IT Third Party Risk & Security Management Analyst will help define and improve processes and identify opportunities for gaining efficiencies in services and solutions leading to materially improving IT operational efficiency, improving quality, maximizing capacity, and reducing operational waste. This role will lead and/or assist in areas for third party governance, monitoring, compliance, and auditing along with training, metrics and measurement, reporting, and operational reviews. The Sr. IT Third Party Risk & Security Management Analyst will also participate on teams related to new technology solutions for Security scorecards, Third Party scanning, Monitoring solutions, etc. This will also include becoming a subject matter expert for Third Party Security tools, applications, and integration with other WestRock solutions (example:
ServiceNow). How you will impact WestRock:
The Sr. IT Third Party Risk & Security Management Analyst primary responsibilities, along with having the technical knowledge and skill to develop, manage, and maintain Third Party Security contracts, performance, and relationships, are:
o Conduct inherent risk assessments with internal stakeholders at WestRock. o Conducts technical security assessments of services with existing and new third parties (related to consulting, outsourcing, hardware, software, hosting, etc. and that which may require remote access to WestRock services, information, and systems). o Creates, reviews, and contends contractual security details for third parties. Specifically, negotiates and completes the approval and signing process of Third-Party Security contracts in accordance with the policies, goals, and objectives of the program. o Categorizes third parties for risk tiering and risk ratings based on assessments. o Creates documentation of interactions with third parties. o Collects metrics and creates technical reports and metrics for management. Actively monitor and report on Third Party performance and adherence to IT Security, Procurement, and other WestRock Policies, taking immediate actions as necessary and escalate to the IT Security leadership all issues and concerns including those regarding the Third-Party Security and Risk Management processes. Partner with IT Security Operations, Procurement, Risk Management, and Legal team members to ensure the requested Third-Party solution is aligned and appropriately documented in the security agreement and elevate any concerns for their evaluation. Report on a regular basis the performance of Third Parties against the terms and conditions of their contracts also working with WestRock Vendor Managers on out-of-compliance findings. Provide routine reporting and analysis along with dashboard tracking and monitoring specially to ensure requests are assigned, handled, and effectively completed. Lead (or assist with) documentation including procedures, knowledge articles, process flows, policies and training materials are up-to-date and reflect current state as well as develop new content for new areas stemming from improvement initiatives. Will appropriately support the Service Level Requirements, and the related Service Level Agreements through the underpinning contracts with Third Parties/Suppliers providing direct or indirect services. The Sr. Analyst will also lead or support in areas related to:
o Incidents and problems associated with the Third-Party Security and Risk Management programs, services, or processes o Proactive improvement of Third-Party security controls, and security risk management and the reduction of security risks o Work with the Vendor Service Desk in understanding if a Third Party has an active security agreement in place allowing user set up and connection for remote access o Work with Identity and Access Management team members for integration opportunities o Overall process support for the Third-Party Security and Vendor Access process and program What you need to succeed:
Bachelor's degree in an Information Systems, Software Engineering, Information Security, or other technical field or related degree (Required) 5-7 years of general IT experience with 3
preferred years specifically within Information Security areas, 2
in Third Party Risk and Security Management role. 1
years of general legal and/or security contracting and negotiations. 1
years of experience with ServiceNow, other ticketing system equivalent, or Third-Party security and risk management solutions preferred. Certifications in related field is a plus (including any of the following but not limited to):
CCSK, CTPRP, CCSP, CISSP. Strong Computer literacy skills, especially an understanding of Excel, Microsoft Office365, PowerPoint, SharePoint, Visio, PowerBI, and MS Teams. A willingness to learn information security and third-party review processes including auditing, risk management, and contract management. Experience working with information security, vendor contracts, procurement, and legal a plus. IT functional knowledge across many areas including on premise and cloud-based architectures, applications and tool sets, vulnerability testing, encryption, SDLC principles, and security best practices a plus. Experience with enterprise hardware and software implementation, application development and hosting, networking concepts, or datacenter infrastructure and operations also a plus. Committed customer focus mindset and ability to engage with all levels of the organizations and at our plants and mills. Strong level of collaboration and ability to influence others especially those with a technical background. Demonstrate ability to communicate clearly and concisely, both orally and in writing. Effective written and verbal communication skills to build and develop relationships with internal and external stakeholders. An ability to analyze data/information and explain the results clearly and succinctly. An ability to gather and use data to identify areas of change or improvement that can bring about the greatest benefit to the business. Organized with good time-management skills, and the ability to manage multiple projects or tasks simultaneously with competing deadlines in a fast-paced and dynamic environment. Ability to prioritize requests based on business expectations and/or criticality. Must be a self-starter and comfortable operating independently and be able to navigate with autonomy; provide updates on progress, re-confirm priorities, flexible and seek to clarity/help in the event of roadblocks. What we offer:
Corporate culture based on integrity, respect, accountability, and excellence Comprehensive training with numerous learning and development opportunities An attractive salary reflecting skills, competencies, and potential A career with a global packaging company where Sustainability, Safety and Inclusion are business drivers and foundational elements of the daily work. WestRock Company is an Equal Opportunity Employer committed to creating and maintaining a diverse workforce:
Minorities/Females/ Disabled/Veterans.
Salary Range:
$80K -- $100K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
WRK) partners with our customers to provide differentiated paper and packaging solutions that help them win in the marketplace. WestRocks 50,000 team members support customers around the world from more than 320 operating and business locations spanning North America, South America, Europe, Asia, and Australia. Learn more at www.westrock.com. Our technology organization is transforming how we work at WestRock. We align with our businesses to deliver innovative solutions that:
Address specific business challenges, integrate processes, and create great experiences Connect our work to shared goals that propel WestRock forward in the Digital Age Imagine how technology can advance the way we work by using disruptive technology We are looking for forward thinking technologists that can accelerate our focus areas such as building stronger foundational technology capabilities, reducing complexity, employing digital transformation concepts, and leveraging disruptive technology. Location and/or Business/Division Details (if applicable) Sr. Analyst, Third Party Risk & Security Management Norcross, GA Position
Summary:
The opportunity:
WestRock is seeking a Senior. IT Third Party Risk & Security Management Analyst to join a dynamic and exciting group within the IT Third Party Risk & Security Management organization. The main objective for this role will be working on an enterprise program to assess, identify, characterize, document, and lower supply chain and security risks to WestRock and support the overall Security initiatives and goals. They will support and/or own specific process areas within the Third-Party Security, Vendor Access, Audit & Compliance, Risk Management, and On-going Monitoring workstreams. This role will liaison with procurement, legal, business stakeholders, other IT teams, IT management, and third parties to perform the ongoing activities necessary to assess, document, and improve the security of WestRock with third party providers. This includes working with the business to determine and document inherent risk, assessing security risks for potential and existing providers, and working with legal contracts. Additionally, the Sr. IT Third Party Risk & Security Management Analyst will help define and improve processes and identify opportunities for gaining efficiencies in services and solutions leading to materially improving IT operational efficiency, improving quality, maximizing capacity, and reducing operational waste. This role will lead and/or assist in areas for third party governance, monitoring, compliance, and auditing along with training, metrics and measurement, reporting, and operational reviews. The Sr. IT Third Party Risk & Security Management Analyst will also participate on teams related to new technology solutions for Security scorecards, Third Party scanning, Monitoring solutions, etc. This will also include becoming a subject matter expert for Third Party Security tools, applications, and integration with other WestRock solutions (example:
ServiceNow). How you will impact WestRock:
The Sr. IT Third Party Risk & Security Management Analyst primary responsibilities, along with having the technical knowledge and skill to develop, manage, and maintain Third Party Security contracts, performance, and relationships, are:
o Conduct inherent risk assessments with internal stakeholders at WestRock. o Conducts technical security assessments of services with existing and new third parties (related to consulting, outsourcing, hardware, software, hosting, etc. and that which may require remote access to WestRock services, information, and systems). o Creates, reviews, and contends contractual security details for third parties. Specifically, negotiates and completes the approval and signing process of Third-Party Security contracts in accordance with the policies, goals, and objectives of the program. o Categorizes third parties for risk tiering and risk ratings based on assessments. o Creates documentation of interactions with third parties. o Collects metrics and creates technical reports and metrics for management. Actively monitor and report on Third Party performance and adherence to IT Security, Procurement, and other WestRock Policies, taking immediate actions as necessary and escalate to the IT Security leadership all issues and concerns including those regarding the Third-Party Security and Risk Management processes. Partner with IT Security Operations, Procurement, Risk Management, and Legal team members to ensure the requested Third-Party solution is aligned and appropriately documented in the security agreement and elevate any concerns for their evaluation. Report on a regular basis the performance of Third Parties against the terms and conditions of their contracts also working with WestRock Vendor Managers on out-of-compliance findings. Provide routine reporting and analysis along with dashboard tracking and monitoring specially to ensure requests are assigned, handled, and effectively completed. Lead (or assist with) documentation including procedures, knowledge articles, process flows, policies and training materials are up-to-date and reflect current state as well as develop new content for new areas stemming from improvement initiatives. Will appropriately support the Service Level Requirements, and the related Service Level Agreements through the underpinning contracts with Third Parties/Suppliers providing direct or indirect services. The Sr. Analyst will also lead or support in areas related to:
o Incidents and problems associated with the Third-Party Security and Risk Management programs, services, or processes o Proactive improvement of Third-Party security controls, and security risk management and the reduction of security risks o Work with the Vendor Service Desk in understanding if a Third Party has an active security agreement in place allowing user set up and connection for remote access o Work with Identity and Access Management team members for integration opportunities o Overall process support for the Third-Party Security and Vendor Access process and program What you need to succeed:
Bachelor's degree in an Information Systems, Software Engineering, Information Security, or other technical field or related degree (Required) 5-7 years of general IT experience with 3
preferred years specifically within Information Security areas, 2
in Third Party Risk and Security Management role. 1
years of general legal and/or security contracting and negotiations. 1
years of experience with ServiceNow, other ticketing system equivalent, or Third-Party security and risk management solutions preferred. Certifications in related field is a plus (including any of the following but not limited to):
CCSK, CTPRP, CCSP, CISSP. Strong Computer literacy skills, especially an understanding of Excel, Microsoft Office365, PowerPoint, SharePoint, Visio, PowerBI, and MS Teams. A willingness to learn information security and third-party review processes including auditing, risk management, and contract management. Experience working with information security, vendor contracts, procurement, and legal a plus. IT functional knowledge across many areas including on premise and cloud-based architectures, applications and tool sets, vulnerability testing, encryption, SDLC principles, and security best practices a plus. Experience with enterprise hardware and software implementation, application development and hosting, networking concepts, or datacenter infrastructure and operations also a plus. Committed customer focus mindset and ability to engage with all levels of the organizations and at our plants and mills. Strong level of collaboration and ability to influence others especially those with a technical background. Demonstrate ability to communicate clearly and concisely, both orally and in writing. Effective written and verbal communication skills to build and develop relationships with internal and external stakeholders. An ability to analyze data/information and explain the results clearly and succinctly. An ability to gather and use data to identify areas of change or improvement that can bring about the greatest benefit to the business. Organized with good time-management skills, and the ability to manage multiple projects or tasks simultaneously with competing deadlines in a fast-paced and dynamic environment. Ability to prioritize requests based on business expectations and/or criticality. Must be a self-starter and comfortable operating independently and be able to navigate with autonomy; provide updates on progress, re-confirm priorities, flexible and seek to clarity/help in the event of roadblocks. What we offer:
Corporate culture based on integrity, respect, accountability, and excellence Comprehensive training with numerous learning and development opportunities An attractive salary reflecting skills, competencies, and potential A career with a global packaging company where Sustainability, Safety and Inclusion are business drivers and foundational elements of the daily work. WestRock Company is an Equal Opportunity Employer committed to creating and maintaining a diverse workforce:
Minorities/Females/ Disabled/Veterans.
Salary Range:
$80K -- $100K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
