- The HP Cyber Security GRC & Information Security team's Risk Management Analyst is responsible for executing and participating in Risk Management assessments, classification, and risk gap analysis, and for partnering with Sr. colleagues to develop risk mitigation plans on HP's most critical assets and 3rd Party risks. The Analyst supports the Sr.-level Risk Analysts to ensure all risk assessments, gap analyses, and risk mitigation plans are implemented and monitored, so that risk management is comprehensive and regulatory, contractual (PCI) and enterprise policies and requirements are adhered to. The position reports to the Head of GRC & Information Security and works closely with teams in other cyber security, information security, & IT disciplines, capability owners, support, and operations to help provide protection to HP's critical assets.
- Ensure timely execution of the Cyber Security and Information Security risk management process, including analysis, aggregation and reporting of material risks related to HP's third party risk management
- Identify issues and root causes, and facilitate risk mitigation plans, including security concepts, controls, and awareness & training, in alignment with HP Policy & Standards
- Provide analyst supporting consultation on risk management controls to involved stakeholders and partner with them to effectively manage third party risk
- Partner with peer analyst stakeholders (including at minimum: Supply Chain, Factory Chain, IT, Enterprise Risk Management, Procurement) to effectively coordinate execution of security concepts & controls
- Prepare and present risk management reports, scorecards, and briefings
- Review key metrics and overall performance with internal stakeholders and appropriate-level third parties
- Support internal & external audit readiness related to 3rd Party risk management
- Support the implementation of HP Policy, standards, guidelines, tools, and documentation for consistent execution of third party management activities
- As needed, participate in risk assessments in other cyber security and information security areas of focus
Education and Experience Required:
- Bachelor's Degree in Information Security, Cyber Security, or related
- 2-3 years of relevant experience in Risk Management, Governance & Compliance, Cybersecurity, Information Security or IT domains that have relatable experience.