Garmin manufactures marine, aviation, and consumer technologies suitable to run on positioning systems. They are seeking a full-time Cyber Security Risk Analyst 2 responsible for assessing and monitoring third-party adherence to information security policies. The role involves identifying risks, conducting assessments, and contributing to risk management strategies.
Assign preliminary risk profile by identifying the information security risk factors based on data classification, design, functional purpose, and use
Determine if compensating controls are necessary due to inability to comply with primary control requirements and assist in determining compensating controls when needed
Work directly with system owners to identify mitigation of known risk
Complete and present risk assessment evaluations to management stakeholders articulating risk and impact analysis when information security control deficiencies are identified to ensure transparency and appropriate level of acceptance
Regularly contribute to management reports covering information security risk treatment, mitigation, and risk metrics
Adhere to and contribute to Information Security policies, standards, procedures, and technical security baselines
Conduct security and privacy assessments on third-party vendors and partners which includes initiating discovery sessions, leading architecture assessments, analyzing questionnaire responses, reviewing due-diligence documentation, participating in legal reviews, and facilitating risk reviews in accordance with established procedures
Participate in development and execution of third-party risk management strategies
Qualifications
Required
Bachelor’s Degree in Computer Science, Information Technology, Management Information Systems, or related field AND a minimum of 2 years relevant experience OR an equivalent combination of education and experience.
Experience managing risk across all risk management lifecycle stages
Understanding of industry frameworks and best practices (ex. NIST, ISO, OWASP, CIS, etc.)
Understanding of network design, security protocols and cloud integration security
Be team-oriented with ability to influence people without having direct management authority and motivate them to successfully mitigate risk within required timelines.
Demonstrated strong and effective verbal, written, and interpersonal communication skills along with strong analytical and problem-solving skills
Demonstrated quality and effectiveness in work documentation and organization
Ability to convey complex security issues and risks while maintaining a positive relationship with key stakeholders
Preferred
Possess an understanding of project management, including design review, threat modeling, and risk profiling, while working across a large, distributed organization, and apply that understanding to a diverse IT community, including policy, regulations, and compliance requirements
Competent with Microsoft productivity apps (ex. Outlook, Word, Excel, etc.) and experience using Confluence and Jira
Familiarity with data privacy compliance standards (ex. CCPA, GDPR, etc.)
Experience with various regulatory compliance, information security, and risk management frameworks
Working knowledge of vendor risk management tools
Training and/or certifications such as CCSK, CCAK, CISA, CTPRP, C3PRMP, CTPRA, CRCM, CERP
Glassdoor rating: 3.9
Founded in 1989
Olathe, Kansas, USA
10001+ employees
https://www.garmin.com/en-US/