Employer: Danone
About the Job:
Under the direction of management, coordinates and performs Danone’s security assessment functions and control testing reporting and activities in accordance with Danone’s Internal Controls compliance, regulatory and departmental policy, and procedures. The product Analyst updates and maintains control matrices and spreadsheets and provides results of the analysis, for management’s consideration. This position ensures compliance with Danone’s internal controls, regulatory and information security policies and procedures. The analyst works with IT stakeholders, business, internal audit, internal controls, external audit firms, and regulatory agencies to provide supportive documentation as applicable, takes a supporting role in ensuring the security of all protected information collected, used, maintained, or released by Danone.
The position can be based in our office in White Plains, NY or Broomfield, CO or Fully Remote.
Business Strategy / Strategic Vision:
- Gather information about security controls, risk assessment framework, and program that align to regulatory requirements, ensuring sustainable documentation that aligns with Danone business objectives.
- Validates adequate implementation of the security standards, procedures, and controls to manage risks. Improves team reporting on findings through process improvement, automation, and the continuous evolution of capabilities.
- Review existing processes to automate and continuously monitor information security controls, exceptions, risks, testing. Helps providing accurate and consistent information for and help on developing reporting metrics, dashboards, and evidence artifacts.
- Follow regular corporate assessment and testing schedules with effectiveness and efficiency, review controls and creates reports.
- Review implementation of security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
- Performs and investigates internal and external information security risk and exceptions assessments. Document incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
- Documents and reports control failures and gaps to management and internal controls. Communicate remediation guidance and prepares management reports to track remediation activities.
Process & Projects:
- Technology processes, IT Platforms ( Azure, Service Now, O365, vulnerability management, email filtering etc), DR and BCP planning, and/or end users.
- Agile frameworks and delivery models
Impact on Business Results:
Security issues represent a critical challenge for businesses. As data breaches become increasingly common, even among the world’s largest companies, maintaining the security and privacy of customers is a major concern for businesses and the IT organizations that support them. Benefits of IT security compliance for your business are avoiding fines and penalties, protecting business reputation, enhance data management capabilities, promotes operational benefits, supports access control and accountability.
About you:
- Bachelor’s degree in Computer Science, Information Systems, Business Administration, or other closely related field required, or equivalent experience.
- 3+ years of experience with system security, compliance and audit is desired.
- Security audit certification is desired but not required
Innovation Skills and Competencies:
Knowledge of:
- Applicable information security management, governance, and compliance principles, practices, laws, rules, regulations and frameworks NIST, ISO, PCI-DSS, HIPAA, Data Privacy, GDPR
- Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration
- Information systems auditing, monitoring, controlling, and assessment process
- Incident response management
- Risk assessment and management methodology.
Skills in:
- Applying enterprise governance, risk, and compliance strategy and solutions
- Conducting discovery interviews with application / infrastructure owners , process owners, business stakeholders to gather required for auditing campaigns.
- Researching and locating information related to internal and external organizations using online and other sources
- Security project management and planning
- Maintaining confidentiality
- Defining problems, collecting, and analyzing data, establishing facts, and drawing valid conclusions
- Using judgment and ingenuity in maintaining objectives and technical standards
- Working with diverse academic, cultural, and ethnic backgrounds
Ability to:
- Effectively communicate technical issues to diverse audiences, both in writing and verbally
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process
- Evaluate and update and/or revise program materials
- Learn quickly and apply knowledge to new situations
- Handle sensitive and confidential matters, situations, and data
About Us:
At Danone North America, you’ll work with some of the best-known food and beverage brands in the world like Activia, Silk, Horizon Organic, Two Good, Oikos, evian, and Happy Family. You’ll be part of one of the largest Certified B Corps in the world, working together to make sure our brands create real benefits for people, communities, and the planet. We have 6,000+ employees across the U.S. and Canada. Come join our movement for a healthier world: One Planet. One Health BY YOU.
Danone North America doesn’t just welcome what makes you unique, we value it. We’re proud to be an equal opportunity and affirmative action employer. All hires to our team are based on qualifications, merit and business needs. We recruit, employ, train and promote regardless of race, color, religion, disability, sex, sexual orientation, gender identity, national origin, age, veteran status, genetic characteristic or any other protected status. Faithful to our values of openness and humanism, all of our employees share in the commitment to engage one another with dignity and respect.
https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf
The base compensation range for this position is $95-110K. Danone North America additionally offers a performance-based bonus and has a strong benefits package including Medical, Dental, Vision, Prescription Drug Coverage, 401k Plan, Wellness Program, Life Insurance, Tuition Reimbursement, Flexible Time Off, and Paid Parental Bonding Leave, among other benefit plan options.
