African-American Jobs

Garmin International

Cyber Security Risk Analyst 2 (3rd Party Risk) (Finance)



Overview

We are seeking a full-time Cyber Security Risk Analyst 2 in our Olathe, KS location. In this role, you will be responsible for identifying risk by assessing and monitoring a third party's adherence to Garmin's information security policies and related controls.

Essential Functions

All:

  • Assign preliminary risk profile by identifying the information security risk factors based on data classification, design, functional purpose, and use
  • Determine if compensating controls are necessary due to inability to comply with primary control requirements and assist in determining compensating controls when needed
  • Work directly with system owners to identify mitigation of known risk
  • Complete and present risk assessment evaluations to management stakeholders articulating risk and impact analysis when information security control deficiencies are identified to ensure transparency and appropriate level of acceptance
  • Regularly contribute to management reports covering information security risk treatment, mitigation, and risk metrics
  • Adhere to and contribute to Information Security policies, standards, procedures, and technical security baselines
  • Conduct security and privacy assessments on third-party vendors and partners which includes initiating discovery sessions, leading architecture assessments, analyzing questionnaire responses, reviewing due-diligence documentation, participating in legal reviews, and facilitating risk reviews in accordance with established procedures
  • Participate in development and execution of third-party risk management strategies

Basic Qualifications

  • Bachelor's Degree in Computer Science, Information Technology, Management Information Systems, or related field AND a minimum of 2 years relevant experience OR an equivalent combination of education and experience.
  • Experience managing risk across all risk management lifecycle stages
  • Understanding of industry frameworks and best practices (e.g., NIST, ISO, OWASP, CIS)
  • Understanding of network design, security protocols and cloud integration security
  • Be team-oriented with ability to influence people without having direct management authority and motivate them to successfully mitigate risk within required timelines.
  • Demonstrated strong and effective verbal, written, and interpersonal communication skills along with strong analytical and problem-solving skills
  • Demonstrated quality and effectiveness in work documentation and organization
  • Ability to convey complex security issues and risks while maintaining a positive relationship with key stakeholders

Desired Qualifications

  • Understanding of project management, including design review, threat modeling, and risk profiling, while working across a large, distributed organization, and the ability to apply that understanding to a diverse IT community, including policy, regulations, and compliance requirements
  • Competent with Microsoft productivity apps (e.g., Outlook, Word, Excel) and experience using Confluence and Jira
  • Familiarity with data privacy compliance standards (e.g., CCPA, GDPR)
  • Experience with various regulatory compliance, information security, and risk management frameworks
  • Working knowledge of vendor risk management tools
  • Training and/or certifications such as CCSK, CCAK, CISA, CTPRP, C3PRMP, CTPRA, CRCM, CERP

Garmin International is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, veteran's status, age or disability.

This position is eligible for Garmin's benefit program. Details can be found here: Garmin Benefits
