Cyber Security Risk Management Senior Analyst
The HP Cyber Security GRC & Information Security team's Risk Management Sr. Analyst is responsible for end-to-end Risk Management and governance of internal and third-party risk. The Sr. Analyst ensures that risk assessments are completed and that the associated risk mitigation plans are implemented and monitored, so that risk management is comprehensive and complies with regulatory and enterprise requirements. The position reports to the Head of GRC & Information Security and works closely with teams in other cyber security, information security, & IT disciplines, capability owners, support, and operations to help provide protection to HP's critical assets.
- Ensure timely execution of Cyber Security and Information Security risk controls including analysis, aggregation and reporting of material risks
- Identify issues and root causes, and oversee and facilitate risk mitigation plans, including security concepts, controls, and awareness & training, in alignment with HP Policy & Standards
- Provide guidance on security controls to involved stakeholders and partner with them to effectively manage risk
- Partner with third party management stakeholders (including at minimum: Supply Chain, Factory Chain, IT, Enterprise Risk Management, Procurement) to effectively coordinate execution of security concepts & controls
- Prepare and present risk management reports, scorecards, and briefings as required
- Review key metrics and overall performance with internal stakeholders and third parties
- Support internal & external audit readiness
- Monitor regulatory changes, corporate updates, and geo-political changes and ensure HP cyber security compliance
- Support the development and implementation of HP Policy, standards, guidelines, tools, and documentation for consistent execution of risk management activities
- As needed, participate in risk assessments in other cyber security and information security areas of focus
- Bachelor's Degree in Information Security, Cyber Security, or a related field
- 4 years of relevant experience across Risk Management, including third parties, or multiple areas within GRC
- Strong governance & compliance background
- Understanding of PCI DSS, ISO 27001/27002, NIST Cybersecurity Framework, COBIT, and ITIL frameworks.
- Certification as a CISA, CISM, CISSP, CRISC, or other Information Security/IT Audit discipline preferred.
- Excellent interpersonal, written, and oral communication skills.
- Ability to work in a team fostered, fast-paced, multi-tasking, global environment.
- Excellent prioritization and multitasking capabilities.
- Highly motivated self-starter who demonstrates initiative.