Your Career Begins at Timken
If you're ready for a challenging career that provides you with the ability to advance personally and professionally, look to Timken. Our associates make the world more productive by improving the efficiency and reliability of the machinery that keeps industry in motion.
Purpose
The Governance and Compliance IT Analyst serves as the process owner for the global enterprise's information security policy, compliance, awareness, and communication activities. All associated efforts are to promote and advance an information security-aware culture and must reflect compliance with applicable federal and industry regulations and company information security policies and standards.
The GRC IT analyst will work closely with the information technology group, each of the business units, our strategic technology partners and external vendors to ensure security policies and practices are correctly implemented across the organization. This position will review all technology rollouts to ensure the appropriate application of policies and standards, coordination of communication with all critical projects, and that security controls are applied appropriately and at the appropriate project phase, and will report successes and concerns to the IT leadership team.
Essential Responsibilities
- Owns the risk and compliance technology roadmap by planning and implementing global policies and standards to protect the information assets of the organization, information entrusted to the organization by third parties, and information as required by compliance obligations related to law, regulation, contract or adopted best practice.
- Follows proper Timken processes to create and approve new risk and governance policies.
- Monitors compliance with the organization's information security policies and standards among employees, contractors, alliances, and other third parties, facilitating remediation by referring problems to appropriate department managers for resolution.
- Coordinates the development, implementation, and promotion of effective information security awareness and training within the organization with the goal of making all employees, contractors, alliances, and other third parties security aware.
- Leads internal and external risk and compliance audits, coordinating internal resources, executive responses, and communication with audit team members.
- Outlines organizational process for engineered controlled data model, business practices, and governance.
- Establishes and maintains strong working relationships and communications with organizational business units involved with security matters (e.g., Legal, Internal Audit, Financial Controls, Human Resources, Enterprise Risk Management, Physical Security, Information Technology, etc.).
- Regularly initiates proactive quality measurement studies and metrics to ensure that information security operates in a manner consistent with the organization's Statement of Applicability (SOA) and levels of acceptable risk (which may include competitor benchmarking studies, industry baseline controls comparisons, peer review comparison efforts, internal and external tests, and customer satisfaction surveys).
- Provides support for coordinated regulatory reviews and audit issue monitoring.
- Coordinates and promotes the utilization of the Corporate Information Security intranet web site as an information and awareness tool.
Technical/Functional Skills
- Understanding of federal and industry regulations associated with information security such as NIST, HIPAA, SOX, etc.
- Knowledge of controls frameworks and industry standard frameworks (FAIR, COBIT, NIST CSF, SOC, ISO, etc.)
Minimum Qualifications
- Bachelor's degree in computer science, business, or a related field.
- 5-7 years of experience in IT-related industry and/or roles.
- Certifications in Information Security preferred.
- Must be a US Citizen or permanent resident.
All qualified applicants shall be treated equally according to their individual qualifications, abilities, experiences and other employment standards. There will be no discrimination due to gender or gender identity, race, religion, color, national origin, ancestry, age, disability, sexual orientation, veteran/military status or any other basis protected by applicable law.