Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Information Security Business Analyst III

Tenneco Inc.

Information Security Business Analyst III

Lake Forest, IL
Full Time
Paid
  • Responsibilities

     

    Principal Accountabilities:

    Manage and monitor the information security risk management process for IT services to define and implement an appropriate level of confidentiality, availability, and integrity of Tenneco data and systems.

    • Compile raw data into actionable reports for decision making purposes.
    • System Administration for the Tenneco enterprise Information Security Risk Management automated tool. Configuration of the tool including but not limited to; creation or selection of information security and risk management surveys, controls, assignment of ownership of information systems, business processes, applications, and other applicable tool tasks.
    • Manages the Data Loss Prevention (DLP) Process for Business response, tracking and reporting. The Information Security Business Analyst (ISBA) III serves as the technical representative to interface with the Tenneco business units. The ISBA must ensure that the applied controls are in alignment with Tenneco policy for data leakage protection.
    • Search and provide continuous improvements and development suggestions for internal audits.
    • Assist with the recommendations of information security controls or process improvements.
    • Lead or participate in Information Security Risk Assessments of Third Party Vendors.
    • Lead or participate in internal Information Security Risk Assessments of Tenneco Information Systems.
    • Participate and Facilitate IT Risk Assessments of Tenneco IT processes, policies, and controls.
    • Report and Monitor Information Risk Action Plans.
    • Serve as a Lead resource for Information Risk Management program activities which include engaging Tenneco Business and Information Technology Leadership.

     

    Communication and Reporting:

    Consolidate, interpret, and report key information security risk / trends and understand effectiveness of controls in managing the key risks. This includes contribution to centralized reporting efforts and initiation of ad hoc analyses and reporting for a variety of stakeholders to ensure that appropriate parties are aware of information security issues. 

     

     



    Required Skills


    Required Experience

    Required Qualifications:

    • Multiple years of success working on both technical and business teams as related to information governance risk and compliance.
    • Facilitating a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitating appropriate resource allocation, and increasing the maturity of the security. 
    • Proficiency with common information security management frameworks. Demonstrated ability to communicate effectively with stakeholders and customers regarding technical and business concepts.  
    • Evaluate and assess emerging security threats, vulnerabilities, and works with business and IT personnel to identify risk to Tenneco. 
    • Demonstrated experience with global or multinational clients.
    • Excellent written and verbal communication and presentation skills for leadership, technical, and business audiences. 
    • Analytical/problem solving ability; critical thinking skills. 
    • Strong ability to communicate across all levels of the organization. 
    • Ability to communicate with technical and not-technical personnel security risk and mitigation options.
    • A Bachelor degree and a minimum of five years of related experience is required.
    • Monitors due diligence of information security risk processes and results on an ongoing basis.
    • Identifies and evaluates the magnitude and documents information security risks ensures necessary approvals are obtained.
    • Manages Information Risk Issues to ensure that these are current, accurate supported by sound resolution plans or formal risk acceptance by business executive.
    • An ability to work effectively in a matrix organization is essential.


    Preferred Qualifications:

    • Experience in operating, monitoring and enforcing security policies, standards, tools, controls, and systems in large scale organizations.
    • Demonstrable understanding of information security and control principles and technology.
    • Experience of working within a quality, compliance, and security management framework.
    • Industry-recognized information security management certifications such as: Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) desired. 
    • Ability to successfully deliver in a global environment with different cultural challenges.
    • Good problem-solving and analytical skills, able to determine the impact of issues quickly to prioritize corrective actions.
    • Experience with data analytics tools is a plus.
    • Excellent communication and presentation skills (both written and oral).
    • Highly effective planning and prioritization skills.
    • Experience with administration and Configuration of an Information Security Risk Management Module of GRC Tool is a plus.
    • Experience with administration and Execution of Data Loss Prevention (DLP) business processes in a corporate environment is a plus.
    • Enterprise Resource Planning (ERP) tool security experience a plus.

     

    We are an equal opportunity employer. Employment selection and related decisions are made without regard to gender, race, age, disability, religion, national origin, color, gender identity, sexual orientation, veteran status or any other protected class.