IT Risk Management Analyst

at  Stericycle

ABOUT US:

Stericycle is a U.S. based business-to-business services company and leading provider of compliance-based solutions that protects people and brands, promotes health and well-being, and safeguards the environment. Since our founding over 30 years ago, we have grown from a small start-up in medical waste management into a leader across a range of increasingly complex and highly regulated arenas, serving healthcare organizations and commercial businesses of every size. Every day, we help our customers solve complex challenges by safely managing materials that could otherwise spread disease, contaminate the environment, or compromise one’s identity.
Join us on our mission to protect health and well-being in a safe, responsible, and sustainable way.

EXPERIENCE (NORTH AMERICA):

• Preferably at least 3-5+ years’ experience in cybersecurity, risk management, compliance, IT governance, or other related functions..
• 3-5+ years experience authoring and managing IT and Security Policies, Procedures, and/or Standards.
• Knowledge and demonstrable experience utilizing / assessing against common security and controls frameworks: COSO / CoBIT, NIST CSF, NIST 800-53, NIST 800-37, ISO27001, CIS Controls (or equivalent).
• 2+ years experience performing IT or Security assessments or audits.
• Knowledge and demonstrable experience utilizing common risk management tools: Archer, ServiceNow IRM, MetricStream, or similar.
• Experience supporting risk management processes including risk register, treatment / remediation, POAM, or reporting.
• Demonstrable experience in supporting security metric and risk reporting programs.
• Excellent writer who can draft new policy, procedure, and standard materials and is also comfortable updating existing materials.
• Great communicator that can articulate risk concepts to both technical and non-technical audiences.
• Great listener that can capture and understand stakeholder requirements to translate into security controls.
• Multi-tasker who is comfortable supporting parallel initiatives with attention to detail.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Bachelors or equivalent.
• 3-5+ Years of Experience in Information Technology preferably in Cybersecurity
• CISA or CISSP (preferred).

The IT Risk Management Analyst will support activities related to the development, management, and compliance with Stericycle IT and Security Policy. This role will report to the Manager – IT Risk Management and will actively collaborate with stakeholders across the enterprise including applicable working groups and committees.