As a leader within Alcoa, you can help us fulfill our purpose and realize our vision to reinvent the aluminum industry. Be part of the team that is helping shape a better workplace with a better work-life balance and the equal opportunities that help everyone thrive. You have the power to shape things to make them better.
About the Role:
As the Security Risk Analyst, you will participate with the development of our new program. Your input will be key in designing and implementing the program, that is still in its developmental stage. This professional will be joining our Governance Risk & Compliance (GRC) team within the Information Technology & Automation Systems (ITAS) department. The Security Risk Analyst will be responsible for optimizing the IT risk management program that balances risk, compliance, and cost, to align with the Company’s business goals and ITAS strategy.
Contribute to the development of the IT Risk Management Program (policy, standards development, implementation, GRC platform configuration and adoption)
Conduct independent and comprehensive system risk assessments of the management, operational, and technical security controls and enhancements employed within or inherited by a system to determine the overall effectiveness of the controls.
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a risk assessment or major change.
Assess all applicable system component configurations baselines or benchmarks for currency during the system risk assessment and during change or updates for release management processes.
Provide a comprehensive assessment of the weakness or deficiencies in the information systems and prepares the final security control gap analysis and system risk assessment report containing the results and findings from the assessment.
Ensure that system owner corrective action plans (CAPs) are in place for vulnerabilities identified during risk assessments, audits, or self-assessments.
Provide input to the Risk Management process and maintain and update risk management policies, standards, guidelines, and procedures.
Validate and update security documentation reflecting the application or system security design.
Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
Lead the reporting efforts for all information system weakness or deficiencies plus CAPs.
Configure and manage the risks and KPI’s in a GRC platform.
In combination with the ITAS Security Awareness & Training Specialist, provide threat awareness, and education to Alcoa’s users (or employees & contractors).
Collaborate with active project teams to ensure risk is adequately managed for new system/infrastructure/security projects.
Coordinate with the Enterprise Risk Management group for corporate level risk reporting.
Partner with the Operations Risk Management group for overlap in information/Cybersecurity related risks.
What you can bring to the role:
Bachelor’s degree Information Systems Security or Management, Cybersecurity, Computer Science, Risk Management, or equivalent degrees.
6+ years of experience in Information Security/Cybersecurity risk and mitigation strategies, technologies, programs, and operations.
Experience with regulatory compliance and information security management frameworks (ISO-27001, ISO-27002, ISO-27005, ISO-31000, NIST800-39, NIST800-53)
Experience with GRC Platforms (AuditBoard) and one or more certifications such as CRISC, CGRC, GRCP™, ISC2 CGRC – preferred but not required.
Knowledge of risk management processes, security architectures and technologies, data security, privacy principles, cyber defense, and vulnerability assessment tools.
Familiarity with application vulnerabilities, identity, access control methods, networking concepts and protocols, and security methodologies
Collaborate with stakeholders to make informed and balanced decisions about risk that balance the benefits of risk reduction and business performance.
Performing business impact assessments, privacy impact assessments, and threat assessments.
Interpreting system vulnerability and configuration scanner results to identify vulnerabilities.
Previous experience working with a manufacturing or industrial organization, preferred but not required.
At Alcoa, we turn ideas into innovation. Impossibility into impact. What if, into what is. We are unlocking the value inside our people and processes to change the industry and shape the world we live in.