Cyber Risk Analyst

Bengaluru, India

Levi Strauss & Co.


JOB DESCRIPTION

Calling all originals: At Levi Strauss & Co., you can be yourself — and be part of something bigger. We’re a company of people who like to forge our own path and leave the world better than we found it. Who believe that what makes us different makes us stronger. So add your voice. Make an impact. Find your fit — and your future.

Summary of the role:

The Cyber Risk Analyst will be a member of the Cyber Risk team. The position is responsible for implementing the cyber risk operational strategy, which includes managing the Governance, Risk, and Compliance (GRC) tool, performing internal and 3rd party security risk assessments, and driving effective alignment to the Risk Management policy. The position reports to the Manager, Cyber Risk.

About the role:

  • Program alignment to ISO 27005, CIS Top 18 Controls, and the NIST Cybersecurity Framework. 
  • Oversees initial project development surrounding new processes and integrating new processes with existing ones. Communicates these changes to impacted clients and other resources. 
  • Support the OneTrust GRC tool responsibilities, escalating any strategic or large decision-making to the risk manager.  
  • Assist in tiering the backlog of LS&Co. vendors using the defined vendor tiering criteria and perform internal and 3rd party security risk assessments. Prioritize and select controls based on risk assessment frameworks, and partner with internal stakeholders to document each control.  
  • Determine the effectiveness of in-scope controls by implementing the risk management framework aligned to ISO 27005, including management of the security risk policy, control mapping, and implementation of the risk management process in the OneTrust GRC tool. 
  • Drive the policy lifecycle management process to manage & govern policies, policy lifecycle, attestation, communication, issue and actions, policy processes, and overall governance; manage the Cyber Risk Policy and make revisions as needed. 
  • Manage the day-to-day exception process within the GRC tool for all GIS teams, while maintaining updates to procedures. 
  • Assist in the assessment and quantification of GIS identified top risks and critical assets by performing risk analysis to increase awareness and facilitate risk identification activities.  
  • Partner with regional BISOs to understand local compliance requirements and perform a risk analysis to support global compliance and other operational risk activities. 
  • Manage risk remediation plans, including setting deadlines, following up on progress, and reporting on outcomes to ensure issues are mitigated and managed, risks are accounted for, and security exceptions are tracked in accordance with frameworks, policies, and standards. 
  • Document and communicate corrective action plans based on risk assessment findings, ensuring issues are mitigated and managed, risks are accounted for, and security exceptions are tracked in accordance with frameworks, policies, and standards. Partner with stakeholders to develop a continuous control monitoring (CCM) approach by leveraging the GRC tool to build custom workflows and metric dashboards to drive action between risk assessments. 
  • Manage and create cyber risk key risk indicators (KRIs) using OneTrust and PowerBI. 

About you:

  • Bachelor's or master's degree in Computer Science, Information Security or a related field.
  • Industry security certifications (e.g., CISSP, CISM, CRISC, etc.) or aspiring to receive one within a year.
  • 3+ years of experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.   
  • 3+ years of experience performing internal and 3rd party risk assessments.  
  • 3+ years of experience with regulatory compliance and information security management frameworks (e.g., International Organization for Standardization [ISO] 27005, NIST Cybersecurity Framework, CIS Top 18, and MITRE ATT&CK).
  • 1-3 years of experience supporting a global team of associates and contractors. 
  • Knowledge of cybersecurity principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management 
  • Technical proficiency with security-related systems and applications 
  • Experience in developing, documenting and maintaining security procedures 
  • Excellent analytical and problem-solving skills (ability to find innovative ways to resolve problems) 
  • Proven ability to collect, manage, and present data, metrics, and KPIs that tell the story of the company’s security posture. 
  • Excellent communication skills in the new world of remote and online working; highly collaborative, with the ability to influence across the matrix and build connections to enable success.

Benefits:

We put a lot of thought into our programs to provide you with a benefits package that matters. Whether it is for medical care, taking time off, improving your health or planning for retirement, we've got you covered.

Here's a small snapshot:

  • Complimentary preventive health check-up for you & your spouse
  • OPD coverage
  • Best in class leave plan including paternity & family care leaves
  • Counselling sessions to prioritize mental well-being
  • Exclusive discount vouchers on Levi’s products

We are an Equal Opportunity Employer committed to empowering individuals from all walks of life to achieve their professional goals with us, regardless of race, religion, gender, gender identity, pregnancy, disability, sexual orientation, age, national origin, citizenship status, or genetic information. We actively seek and encourage applications from diverse candidates, including those with disabilities, and offer accommodations throughout the selection process upon request.

To ensure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. 

LOCATION

Bengaluru, India

FULL TIME/PART TIME

Full time

Current LS&Co Employees, apply via your Workday account.


Tags: CISM CISSP Compliance Computer Science CRISC Governance IAM Incident response ISO 27005 KPIs MITRE ATT&CK Monitoring NIST Risk analysis Risk assessment Risk management RMF Strategy Vulnerability management

Perks/benefits: Health care Medical leave

Region: Asia/Pacific
Country: India
