Sr Security Analyst (IT Risk/Compliance & Governance)
Gurgaon - Cyber Park
Gartner
Gartner provides actionable insights, guidance, and tools that enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities.
About Gartner IT:
Join a world-class team of skilled engineers and analysts who build creative digital solutions to support our colleagues and clients. We make a broad organizational impact by delivering cutting-edge technology solutions that power Gartner. Gartner IT values its culture of nonstop innovation, an outcome-driven approach to success, and the notion that great ideas can come from anyone on the team.
About the role
Gartner information security teams are a group of passionate information security professionals dedicated to Protecting, Detecting, and Responding to threats. Our team is filled with lifelong learners who are consistently researching ways to better defend and stay ahead of the threats of tomorrow. We are a collaborative group, where good ideas come together whether they come from the most experienced or the newest members of the team.
Gartner is looking for a well-rounded and motivated Sr Security Analyst to join its Governance Risk Management team, which is responsible for providing IT Risk Management; IT Policies, Standards and Controls; and Audit/Governance oversight.
The Sr Security Analyst will be responsible for supporting Gartner’s security control environment by managing risk associated with Information Technology, Security Certifications (e.g., ISO 27001:2022, UK CE+, CMMC), Information Security, Privacy, Regulatory Compliance and Governance. This individual will play an integral role in: (i) working closely with Information Security partners and technology stakeholders to audit/test controls; (ii) ensuring risks are identified and understood; (iii) developing and tracking risk remediation plans across our various business units; and (iv) updating or creating Policies and Standards. This individual should have extensive experience with developing and implementing risk frameworks, understanding regulatory requirements, assessing control compliance and working with external assessors.
What you will do
- Serve as subject matter expert and manage IT Information Security Certifications (e.g., ISO 27001:2022, UK CE+, CMMC)
- Assess our control effectiveness and conduct control gap analysis in preparation for certification assessments
- Fully own and run the certification/assessment program, ensuring compliance and streamlining a repeatable process, including working with Gartner Finance and Procurement as well as the vendor performing the assessment
- Track certifications/assessments to ensure we and our IT/Business partners are prepared each year for a smooth process during the actual assessment
- Serve as subject matter expert and manage IT Information Security Policies and Standards.
- Fully own and run the Policy/Standard/Control program, ensuring each supports the required certification and audit requirements as well as addresses overall risk
- Track Policies/Standards/Controls to ensure all are fully reviewed and updated on time, and appropriate stakeholders are involved
- Understand “voice of the customer” and develop mechanisms to proactively sense adoption and usage patterns of current or emerging consumer technologies so that policy can align with need.
- Provide leadership/peers/business with reporting and timely updates that tell the story needed for the audience.
- Continuously look for ways to improve the quality and efficiency of the process.
- Take ownership of assignments & drive them to completion.
- Work collaboratively across functional areas for innovation to turn new ideas into reality.
- Assist others on the team for Client support including contract reviews and client questions.
What you will need
Ideal candidates have experience in IT with a strong understanding of Information Security. Candidates should have strong communication and attention to detail. Strong communication is needed to partner with many departments within Gartner and with vendors performing assessments, as well as to occasionally work directly with clients. Strong attention to detail is needed to ensure we provide accurate and consistent information to all stakeholders (internal and external) for Certification assessments, and Policy creation and updates.
Must have
- Bachelor's or master's degree in computer science, information systems, cybersecurity or a related field.
- 3-5 years of experience in IT and/or Information Security.
- Proven communication, collaboration, critical thinking skills and attention to detail.
- Strong understanding of, and the ability to fully execute, achieving ISO 27001:2022.
- Familiarity with and ability to apply knowledge of frameworks to obtain/keep other certifications such as CMMC, UK CE+.
- Strong experience with Policy/Standard/Controls.
- Familiarity with Risk Registry, Risk Exceptions, Audit Process.
- Experience with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27013, NIST 800-53.
- Have a knack for finding flaws in processes and the ability to efficiently communicate how to fix them.
- Proven ability to communicate and educate Engineering and Architecture teams as to why Information Security, Policies and Certifications are important functions to the business.
Nice to have
- Understanding and working experience with cloud / server / container / vulnerability security tools.
- Preferred skills in Microsoft Office/O365, GDrive, JIRA, OneTrust and Confluence.
- Bonus skill: understanding of PowerBI reporting.
Who you are
- Proven communication, collaboration, and critical thinking skills.
- Ability to define and communicate risk in a business-relevant language and to non-technical audiences.
- Able to work proactively, independently or within a team, in a time-sensitive operations environment.
- Innovation mindset – Takes opportunities to make existing processes more efficient and thinks “automation first”.
- Strong desire to improve upon and broaden their skills in information security.
Don’t meet every single requirement? We encourage you to apply anyway. You might just be the right candidate for this, or other roles.
Who are we?
At Gartner, Inc. (NYSE:IT), we guide the leaders who shape the world.
Our mission relies on expert analysis and bold ideas to deliver actionable, objective insight, helping enterprise leaders and their teams succeed with their mission-critical priorities.
Since our founding in 1979, we’ve grown to more than 20,000 associates globally who support ~15,000 client enterprises in ~90 countries and territories. We do important, interesting and substantive work that matters. That’s why we hire associates with the intellectual curiosity, energy and drive to want to make a difference. The bar is unapologetically high. So is the impact you can have here.
What makes Gartner a great place to work?
Our sustained success creates limitless opportunities for you to grow professionally and flourish personally. We have a vast, virtually untapped market potential ahead of us, providing you with an exciting trajectory long into the future. How far you go is driven by your passion and performance.
We hire remarkable people who collaborate and win as a team. Together, our singular, unifying goal is to deliver results for our clients.
Our teams are inclusive and composed of individuals from different geographies, cultures, religions, ethnicities, races, genders, sexual orientations, abilities and generations.
We invest in great leaders who bring out the best in you and the company, enabling us to multiply our impact and results. This is why, year after year, we are recognized worldwide as a great place to work.
What do we offer?
Gartner offers world-class benefits, highly competitive compensation and disproportionate rewards for top performers.
In our hybrid work environment, we provide the flexibility and support for you to thrive — working virtually when it's productive to do so and getting together with colleagues in a vibrant community that is purposeful, engaging and inspiring.
Ready to grow your career with Gartner? Join us.
The policy of Gartner is to provide equal employment opportunities to all applicants and employees without regard to race, color, creed, religion, sex, sexual orientation, gender identity, marital status, citizenship status, age, national origin, ancestry, disability, veteran status, or any other legally protected status and to affirmatively seek to advance the principles of equal employment opportunity.
Gartner is committed to being an Equal Opportunity Employer and offers opportunities to all job seekers, including job seekers with disabilities. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company’s career webpage as a result of your disability. You may request reasonable accommodations by calling Human Resources at +1 (203) 964-0096 or by sending an email to ApplicantAccommodations@gartner.com.
Job Requisition ID: 95256
By submitting your information and application, you confirm that you have read and agree to the country or regional recruitment notice linked below applicable to your place of residence.
Gartner Applicant Privacy Link: https://jobs.gartner.com/applicant-privacy-policy