Cyber Security Risk Management & Information Protection-Sr. Technical Analyst
The HP Cyber Security GRC & Information Security team's Risk Management Sr. Technical Analyst is responsible for execution and participation in Risk Management assessments, classification, risk gap analysis, and partnering with Sr. colleagues to develop risk mitigation plans on HP's most critical assets and 3rd Party risks. The Sr. Technical Analyst compliments other Risk Management Analysts by providing technical leadership and technical analysis for novel risk scenarios, technical assessment of controls and mitigation strategies. The position reports to the Head of GRC & Information Security and works closely with teams in other cyber security, information security, & IT disciplines, capability owners, support, and operations to help provide protection to HP's critical assets.
- Ensure timely execution of Cyber Security and Information Security risk management process execution including analysis, aggregation and reporting of material risks related to HP's third party and information assurance risk management
- Identify issues and root causes & facilitation of risk mitigation plans including security concepts, controls, and awareness & training in alignment with HP Policy & Standards
- Provide consultation on risk management controls to involved stakeholders and partners to effectively manage third party risk
- Provide consultative advice to internal customers that enables them to make informed risk decisions and develop acceptable risk mitigation strategies for highly complex application development programs.
- Review mitigation plans at a technical level to ensure mitigation will produce acceptable residual risk.
- Partner with peer analyst stakeholders (including at minimum: Supply Chain, Factory, IT, Enterprise Risk Management, Procurement) to effectively coordinate execution of security concepts & controls
- Assess maturity and effectiveness of controls
- Prepare and present risk management reports, scorecards, and briefings
- Review key metrics and overall performance with internal stakeholders and appropriate-level third parties
- Support internal & external audit readiness related to 3rd Party and Information Assurance risk management
- Support the implementation of HP Policy, standards, guidelines, tools, and documentation for consistent execution of third party management activities
- Provide deep technical leadership for Information Protection technologies, such as Data Loss Prevention tools
- As needed, participate in risk assessments in other cyber security and information security areas of focus
- Bachelor's Degree in Information Security, Cyber Security, or related
- At least 5 years of related experience in Risk Management, Governance & Compliance, Cybersecurity, Information Security or IT domains that have relatable experience
- Understanding of PCI DSS, ISO 27001/27002, and/or NIST Cybersecurity Framework.
- Security Certifications, such as CCSP, CISM, CISSP, CRISC, CISA or other Information Security or IT disciplines helpful.
- Master/Expert-level skills & experience designing and implementing Data Loss Prevention (DLP) solutions for large scale companies
- Demonstrated experience in engineering cyber security solutions for large organizations
- Strong domain expertise and technology implementation/ integration experience in Data Security / Protection, Encryption & Key Management and one or more of the following areas:
- Identity & Access Management
- End point Security
- Network Security
- Application Security
- Knowledge of applicable industry standards, leading security practices and regulatory requirements
- Excellent interpersonal, written, and oral communication skills.
- Ability to work in a team fostered, fast-paced, multi-tasking, global environment.
- Excellent prioritization and multitasking capabilities.
- Highly motivated self-starter
Meet Some of HP's Employees
Elizabeth focuses on the HP consumer experience, scaling best practices across premium consumer notebooks, testing products before public release, and crafting the compelling story of their design and performance for press workshops.
Back to top