About Information Security at UPS Technology: Our top-notch Information Security team quickly finds and responds to real time threats. These critical-thinkers have a hunger to keep ahead of new exploits and security trends. As a part of UPS InfoSec, you’ll continue to uphold our reputation for integrity in this growing and ever-changing field.
About this role:
The Sr. InfoSec Analyst conducts information security assessments and compliance reviews on internal UPS systems and third party vendors. The Sr. Analyst will prepare and initiate assessments/audits facilitated by electronic survey's and questionnaire assessments, interviews and security control reviews. Provides support for internal and external security assessments, including gathering and discussing evidence, and tracking remediation responses and activities. The Sr. Analyst is expected to perform the following key tasks:
Identifies key points of contact, establishes communication channel. Collaborates with functional teams on cyber risks and company information security initiatives
Initiates security assessment/audit overview meetings and schedule Q&A sessions
Performs security risk assessments and provides information security awareness. Conducts internal security and confidential information investigations and information usage security audits
Leads and supports enterprise wide information security and cyber risk assessments with technical and non-technical teams
Manages assessment/audit time line for questionnaire, interview, evidence verification, and report preparation
Proactively identifies and develops recommendations to information security and cyber risk issues and vulnerabilities by working with multiple teams including privacy, compliance, internal audit, legal, HR, information technology, etc
Contributes to the development of the information security requirements of vendor and customer security control requirements to ensure UPS's information assets are protected, and follow UPS policies, standards and compliance obligations
Ensures all Infosec controls meet company standards for confidentiality, integrity, availability and defense in depth security principles
Provides security control remediation responses where Infosec controls are found to be deficient or non-compliant
Responds to UPS customer inquiries and audits of UPS's security program
Reviews and negotiates InfoSec contractual terms in vendor/customer contracts
Develops and maintains relevant security risk metrics to promote transparency across the organization. Measures, monitors and reports on information security risks to Sr. Management
Performs other duties as assigned
This position offers an exceptional opportunity to work for a Fortune 50 industry leader. If you are selected, you will join our dynamic technology team in making a difference to our business and customers. Do you think you have what it takes? Prove it! At UPS, ambition knows no time zone.
Experience gathering information from a range of different sources, developing and creating search queries
Experience in using InfoSec assessment/audit tools and/or controls questionnaires based industry standard frameworks (i.e. NIST; ISO; Cobit; CSA)
Experience using GRC tools and technologies in support of the assessment/audit process
Advanced Experience with Auditing Controls, I.T. Auditing fundamentals, Cybersecurity Analysis and documentation
Demonstrated experience across information security and cyber risk domains required
Demonstrated Project Management experience
Candidate must have excellent organization skills and be a self-motivated learner
CISA, CRISC, CISM, or CISSP certifications
Bachelor's degree in Information Technology, Information Security, Computer Science, Auditing or related discipline
Demonstrated advanced communication skills
Excellent organization skills and be a self-motivated learner
Internal Number: 2029210287
About UPS Information Technology
Future You makes technology do the impossible! With our commitment to making a significant investment in technology initiatives each year, the scale of technology at UPS allows Future You to dream big and realize bigger. From cloud technology to network planning tools, telematics to encryption, we’re empowering our IT team with the latest tools to serve customers and drive our organization forward. We offer diverse experiences as part of a global team working with the latest technologies on large-scale projects.
There's nothing stopping the Future You!