Senior IT Security Analyst - Risk/Control/Audit

The Global Information Security team works diligently every day to keep Wolters Kluwer's systems, data, and digital infrastructure secure, while protecting its people, assets, brand, and reputation from malicious cyber actors.

Through training, sharing of best practices and the rollout of expanded enterprise security tools, the GIS team empowers employees to do their part to keep our systems secure.

Within Global Information Security, the Compliance & Assurance function leads compliance programs (SOC 2, SOC 1, ISO 27001, HIPAA, FedRamp, NIST...) and ensures the supporting control framework is adequate

ROLE

Within the Compliance & Assurance function, the Senior IT Security Analyst establishes information security compliance and assurance programs that meet business requirements and undertakes risk management, control management, audit management, and control framework improvement related activities.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Compliance & Assurance programs:

• Collaborate with Wolters Kluwer businesses to understand their information security compliance and assurance needs.

• Establish and manage compliance and assurance programs accordingly.

• Bring information security compliance expertise; educate on compliance matters.

• Support the design, implementation, and performance of IT controls to help ensure compliance.

IT Audit:

Contribute to compliance and assurance audits in general, including:

• Help define pluriannual audit plans.

• Coordinate interactions between internal teams and auditors.

• Prior to audits, prepare audited teams.

• During audits, facilitate walkthroughs, gathering and checking of evidence requested by auditors; perform audit activities, if applicable.

• After audits, ensure that resulting observations are addressed, with corrective and preventive actions defined, assigned, understood, and implemented within agreed timeframes.

• Maintain audit management methodology and associated tools.

IT Risk management:

Contribute to risk management activities in general, including:

• Risk identification, evaluation, and treatment.

• Regular review of risks.

• Implementation of risk treatment actions.

• Maintenance of risk management methodology and associated tools.

IT control:

Contribute to the management of information security controls in general, including:

• Review controls regularly to ensure their continuing adequacy and effectiveness.

• Perform controls that fall under Compliance & Assurance.

• Monitor controls to help ensure timely completion with the expected quality.

• Manage control deviations.

• Maintain control management methodology and associated tools.

Action plans:

Manage corrective and preventive actions, and other improvement projects, resulting from the above compliance, audit, risk, and control activities, including:

• Support the definition of action plans that adequately address audit observations, compliance deviations, risk treatment actions, and control improvement overall.

• Monitor and document the progress of action plans.

• Timely alert of any issues with the action plans.

EXPERIENCE/JOB QUALIFICATIONS

• University degree in general engineering or related to information security, IT, or software development (BAC+5 in France).

• Security certifications are valued.

• 8 to 15 years in IT environment.

• IT risk, control, audit.

• Compliance frameworks, such as SOC 2, SOC 1, ISO 27001, HIPAA, FedRamp, NIST.

• Cloud environments: Microsoft Azure, AWS (Amazon Web Services).

• Enablon software – or equivalent – nice to have.

• Software development in an Agile environment.

• Security tools: antivirus, firewalls, WAF, SIEM…

• Microsoft 365 – Outlook, Word, Excel, PowerPoint, Teams.

• Ability to write documents that are read, adopted, and used by the intended audience.

• Fluent in French and English. Dutch is a nice to have.

Location: France, Bois-Colombes office (Hauts de Seine)

2 days remote work per week

Join us at Wolters Kluwer and be part of a dynamic global technology company that makes a difference every day through our deep domain expertise.

We’re innovators with impact. We provide expert software and information solutions that the world’s leading professionals rely on, in the moments that matter most.

With a global leader, you'll be part of a growing, business, with operations in more than 50 countries, customers in more than 180 countries, 21,000 colleagues worldwide, and €5.5 billion in revenue.

Be the difference

If making a difference matters to you, then you matter to us.