Cybersecurity Risk Assessor
Description -
As the world around us becomes more connected and digital, cybersecurity attacks increase opportunities for fraud and disruption. In this constantly changing landscape, the need for companies, products, and services to be secure is more important than ever.
Are you passionate about keeping good people safe from bad actors? We are too! We are HP Cybersecurity and we are tasked with the security of the HP enterprise. As HP continues our digital transformation, the work of the cybersecurity professional is never complete and is always interesting. Come be a part of making a difference with us!
The HP Cybersecurity Risk Analyst is responsible for end-to-end cyber security risk management, including risk identification, analysis and evaluation, identifying remediation requirements, and supporting remediation efforts. Defined risk assessment processes and risk management methodologies are utilized to meet these objectives. This role also contributes to and/or leads continuous process improvements to enhance HP’s cyber security GRC capabilities.
The Cybersecurity Risk Data Analyst controls data flows and identifies relevant cybersecurity-related information to understand trends and reflects them in reporting tools that enable cybersecurity data-driven decisions, plans, and actions to keep HP secure. Also collaborates across teams to assess, consult, and implement data & automation solutions.
What a Cybersecurity Risk Analyst does at HP:
- Scopes, manages and performs cyber security risk and/or compliance assessments.
- Maintains the risk register for all assessed assets utilizing eGRC/IRM solution.
- Provides risk mitigation/remediation guidance to stakeholders.
- Contributes to and/or leads the continuous improvement and maturation of GRC practices.
- Prepares and presents risk management reports, scorecards, and briefings as required
- Monitors industry cybersecurity threats, cybersecurity best practices, regulatory changes, corporate updates, and geo-political changes impacting HP’s security
- Scopes, manages, and performs cybersecurity risk data analysis to determine relevant information, and trends and detects reporting needs.
- Maintains and improves data sources, data acquisition, and data quality.
- Works with cross-functional teams to ensure accurate information is integrated into reporting services.
- Provides data management guidance to stakeholders and team members.
Individuals who thrive in this role at HP, typically have:
- Bachelor’s degree (preferably in computer science, engineering or related area of study, or equivalent experience).
- Typically, 6+ years of relevant experience, including conducting risk and compliance assessments.
- Technical Cyber Security Certification through one of the recognized bodies preferred: SANS, ISACA, (ICS)2, CompTIA, Cisco, CERT.
- Solid working knowledge of industry frameworks and standards, including ISO27001/27002/27005, NIST CSF, NIST 800-53, SOC2, PCI-DSS, SIG.
- Knowledge of common GRC processes, including risk management, exception to policy, policy management, controls management/mapping, and auditing.
- Results-driven, strong analytical skills, ability to connect the dots to make better decisions.
- Able to deal well with ambiguity, balancing risk with potential delays.
- Fluent in Oral and written communications.
- Able to work effectively in a team and with various stakeholders at various organizational levels
- Excellent responsiveness, organizational, and time management skills.
- Proactive in seeking problem resolution.
- Experience in data extraction, database management, and Power BI dashboard design & maintenance, SharePoint design & maintenance, Excel advanced functionality is a plus.
About the team:
The Cybersecurity Governance, Risk Management and Compliance team is a key pillar of the Cybersecurity organization responsible for protecting the HP Enterprise against cyber threats. The GRC team is a diverse group of cyber security professionals who collaborate with all disciplines within Cybersecurity as well as business and functional stakeholders as trusted advisors to effectively manage cyber security risks to the business.
The base pay range for this role is $123,950 to $190,900 annually with additional opportunities for pay in the form of bonus and/or equity (applies to US candidates only). Pay varies by work location, job-related knowledge, skills, and experience.
Benefits:
HP offers a comprehensive benefits package for this position, including:
- Health insurance
- Dental insurance
- Vision insurance
- Long term/short term disability insurance
- Employee assistance program
- Flexible spending account
- Life insurance
- Generous time off policies, including;
- 4-12 weeks fully paid parental leave based on tenure
- 11 paid holidays
- Additional flexible paid vacation and sick leave (US benefits overview)
The compensation and benefits information is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.
Job -
Information Technology
Schedule -
Full time
Shift -
No shift premium (United States of America)
Travel -
Relocation -
Equal Opportunity Employer (EEO) -
HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).
Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.
If you’d like more information about HP’sEEO Policyor your EEO rights as an applicant under the law, please click here:Equal Employment Opportunity is the LawEqual Employment Opportunity is the Law – Supplement