Security Risk Analyst (Flexible Location)

Shape Your World

At Alcoa, you will become an essential part of our purpose: to turn raw potential into real progress. The way we see it, every Alcoan is a work-shaper, team-shaper, idea-shaper, world-shaper.

As a leader within Alcoa, you can help us fulfill our purpose and realize our vision to reinvent the aluminum industry. Be part of the team that is helping shape a better workplace with a better work-life balance and the equal opportunities that help everyone thrive. You have the power to shape things to make them better.

About the Role:

As the Security Risk Analyst, you will participate with the development of our new program. Your input will be key in designing and implementing the program, that is still in its developmental stage. This professional will be joining our Governance Risk & Compliance (GRC) team within the Information Technology & Automation Systems (ITAS) department. The Security Risk Analyst will be responsible for optimizing the IT risk management program that balances risk, compliance, and cost, to align with the Company’s business goals and ITAS strategy.

• Contribute to the development of the IT Risk Management Program (policy, standards development, implementation, GRC platform configuration and adoption)

• Conduct independent and comprehensive system risk assessments of the management, operational, and technical security controls and enhancements employed within or inherited by a system to determine the overall effectiveness of the controls.

• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a risk assessment or major change.

• Assess all applicable system component configurations baselines or benchmarks for currency during the system risk assessment and during change or updates for release management processes.

• Provide a comprehensive assessment of the weakness or deficiencies in the information systems and prepares the final security control gap analysis and system risk assessment report containing the results and findings from the assessment.

• Ensure that system owner corrective action plans (CAPs) are in place for vulnerabilities identified during risk assessments, audits, or self-assessments.

• Provide input to the Risk Management process and maintain and update risk management policies, standards, guidelines, and procedures.

• Validate and update security documentation reflecting the application or system security design.

• Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.

• Lead the reporting efforts for all information system weakness or deficiencies plus CAPs.

• Configure and manage the risks and KPI’s in a GRC platform.

• In combination with the ITAS Security Awareness & Training Specialist, provide threat awareness, and education to Alcoa’s users (or employees & contractors).

• Collaborate with active project teams to ensure risk is adequately managed for new system/infrastructure/security projects. 

• Coordinate with the Enterprise Risk Management group for corporate level risk reporting.

• Partner with the Operations Risk Management group for overlap in information/Cybersecurity related risks.

What you can bring to the role:

• Bachelor’s degree Information Systems Security or Management, Cybersecurity, Computer Science, Risk Management, or equivalent degrees.

• 6+ years of experience in Information Security/Cybersecurity risk and mitigation strategies, technologies, programs, and operations. 

• Experience with regulatory compliance and information security management frameworks (ISO-27001, ISO-27002, ISO-27005, ISO-31000, NIST800-39, NIST800-53)

• Experience with GRC Platforms (AuditBoard) and one or more certifications such as CRISC, CGRC, GRCP™, ISC2 CGRC – preferred but not required.

• Knowledge of risk management processes, security architectures and technologies, data security, privacy principles, cyber defense, and vulnerability assessment tools.

• Familiarity with application vulnerabilities, identity, access control methods, networking concepts and protocols, and security methodologies

• Collaborate with stakeholders to make informed and balanced decisions about risk that balance the benefits of risk reduction and business performance.

• Performing business impact assessments, privacy impact assessments, and threat assessments.

• Interpreting system vulnerability and configuration scanner results to identify vulnerabilities.

• Previous experience working with a manufacturing or industrial organization, preferred but not required.

What’s on offer:

• 401(k), employer match up to 6%, additional employer retirement income contribution (no vesting period), and a nonqualified deferred compensation plans​;

• 15 days’ vacation and one flexible holiday of your choice​;

• Flexible spending accounts and generous employer contribution to the HAS;

• Paid annual volunteer hours; 

• Career development opportunities to pursue your passions; and

• Social and diversity focused engagement opportunities.

#LI-TL2

#LI-Hybrid

#LI-Remote  

About the Location

Working at the Pittsburgh Alcoa Corporate Center, located on the thriving North Shore of Pittsburgh, allows employees to experience firsthand, whether working virtually or on-site or a hybrid of the two, what being a values-based company means. Through daily interactions with colleagues and exposure to some of the organization’s highest-level executives, the office creates an environment in which all employees can develop and contribute to their full potential. Outside of the office, Pittsburgh itself is one of the country’s most livable and affordable cities – combining the city feel with small town charm.

We are values led, vision driven and united by our purpose of transforming raw potential into real progress.  Our commitments to Inclusion, Diversity & Equity include providing trusting workplaces that are safe, respectful and inclusive of all individuals, free from discrimination, bullying and harassment and that our workplaces reflect the diversity of the communities in which we operate.   

As a proud equal opportunity workplace and affirmative action employer, Alcoa is dedicated to providing equal opportunities and equal access to all individuals regardless of a person’s gender, age, race, ethnicity, sexual orientation, gender identity, religion, nation of origin, disability, veteran status, language spoken or any other characteristic or status protected by the laws or regulations in the places where we operate.  

If you have visited our website in search of information on U.S. employment opportunities or to apply for a position, and you require an accommodation, please contact Alcoa Recruiting via email at gssrecruiting@alcoa.com.  

This is a place where you are empowered to do your best work, be your authentic self, and feel a true sense of belonging. Come join us and shape your career!  

Your work. Your world. Shape them for the better.