Lead Security Analyst - Irving TX at Gartner
Irving, TX 75039, USA - Full Time


Start Date: Immediate
Expiry Date: 17 Jul, 25
Salary: 7200.0
Posted On: 17 Apr, 25
Experience: 7 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Information Technology/IT

Description
Responsibilities

ABOUT THE ROLE

Gartner information security teams are a group of passionate information security professionals dedicated to Protecting, Detecting, and Responding to threats. Our team is filled with lifelong learners who are consistently researching ways to better defend and stay ahead of the threats of tomorrow. We are a collaborative group, where good ideas come together whether they come from the most experienced or the newest members of the team.
Gartner is looking for a well-rounded and motivated Lead Security Analyst to join its Governance Risk Management team, which is responsible for providing IT Risk Management; IT Policies, Standards and Controls; and Audit/Governance oversight.
The Lead Security Analyst will be responsible for supporting Gartner’s security control environment by managing risk associated with Information Technology, Information Security, Privacy, Regulatory Compliance and Governance. This individual will play an integral role in: (i) working closely with Information Security partners and technology stakeholders to audit/test controls; (ii) ensuring risks are identified and understood; (iii) developing and tracking risk remediation plans across our various business units; and (iv) creating and maintaining effective reporting for risk owners and IT leadership. This individual should have extensive experience with developing and implementing risk frameworks, understanding regulatory requirements, and assessing control compliance.

WHAT YOU WILL DO

  • Serve as subject matter expert and manage Risk Reviews / Risks / Risk Exception Requests
  • Assess our control effectiveness and conduct control gap analysis against key Frameworks/Standards such as NIST CSF, SOX, CMMC, ISO 27001, GDPR, etc.
  • Track and monitor remediation and risk treatment plans.
  • Map and report risks, issues, exceptions, and policies to NIST CSF.
  • Develop testing routines and schedules for our key regulatory requirements.
  • Understand and consider all relevant trade-offs required to manage different levels of risk tolerance and risk exposure across the organization and be able to communicate to responsible team members.
  • Partner with internal Security Operations and Engineering to ensure risks are well understood and proposed countermeasures are effective at mitigating risk.
  • Coordinate with technology, audit, ERM, and information security stakeholders to assess, implement, and monitor information security-related risks/threats.
  • Support and advise business-led projects on information security-related risks and standards compliance.
  • Lead efforts to implement and maintain security policies and remediation processes.
  • Perform proactive technical research to detect emerging risks and threat trends.
  • Understand the “voice of the customer” and develop mechanisms to proactively sense adoption and usage patterns of current or emerging consumer technologies so that policy can align with need.
  • Develop and provide leadership/peers/business with reporting and timely updates that tell the story needed for each audience.
  • Continuously look for ways to improve (quality and efficiency) the process.
  • Take ownership of assignments & drive them to completion.
  • Work collaboratively across functional areas for innovation to turn new ideas into reality.
  • Assist others on the team with Policy and Certification/Assessment efforts and Client support, including contract reviews.