Description
For more than a century, Weyerhaeuser has grown and harvested trees to make innovative products that meet important human needs. We’re serious about safety, focused on performance and proud of what we do. In every corner of our company, you’ll find talented people who care about each other, the communities where we operate, and the planet we all share. Sustainability is the founding concept of our business and our values drive every decision to ensure we continue to lead the forestry industry in sustainability practices. And we know about sustainability – we invented it for the forestry industry when we planted our first seedling by hand in 1938. For over 100 years, our Weyerhaeuser team has been making a difference in the world – from the seedlings we plant, to the forests and trees we nurture, we ensure every acre is managed with diligence, patience, and pride.
We are on a mission to transform the timber industry. We are building value through innovation utilizing new IIoT, drone, and mobile devices, and transforming our presence in the cloud. Our connected forests and mills rely on the culture of sustainability and safety that permeates everything we do – including the safety and security of our business systems and data.
Our IT Governance team focuses on the implementation and management of IT controls to reduce risk in systems across the company. We enable safe, compliant systems and processes in our business environment that are dynamic, global, and always on.
We’re looking for a Senior IT Governance Analyst who is passionate about the enablement part of securing technology. It’s one thing to understand various approaches to securing and operating the technology stack, and quite another to implement practical solutions to make it happen and ensure it stays that way. We work across all teams and technologies from traditional financial applications to modern cloud apps, innovative mobile solutions for our field ops, and point solutions in our manufacturing environment. The common thread is identification and mitigation of risk by implementing and maintaining appropriate controls. But it’s the people and process that are key to making that happen.
As part of the Project Management Office (PMO), you’ll work closely with Cybersecurity, Enterprise Architecture, IT Service Management, and Procurement to ensure that new tools and services are architected securely and have appropriate controls in place prior to transitioning to production.
Operationally, you’ll help administer the system of record for risk and controls (AuditBoard), and ensure records and evidence for adherence to controls are maintained. You’ll work with the internal audit team and ensure IT teams understand the types of evidence required to prove to others that our systems are secure and operating as designed. You will be exposed to the entire lifecycle of governing IT systems.
Positions on this team require an excellent base knowledge of risk management, basic security and identity knowledge, and excellent communication and collaboration skills.
Primary Responsibilities

Primary responsibility is to perform complex analysis, problem solving, implementation, and documentation, and deliver solutions following standard risk and project management methodologies. Prior experience in the intricacies of IT audit, risk, and controls design is essential.

• Assist IT project teams in embedding standard controls requirements into their projects, help them to design innovative solutions, and evaluate compliance gaps/residual risk prior to go live.
• Provide regular status reports to the team and leadership.
• Provide analysis of complex technology risks and their potential impact on business processes. Suggest and help implement ways to mitigate those risks.
• Work in concert with stakeholders to reduce risk by defining and implementing technical standards and procedures where needed.
• Write and maintain policy and standards documentation as needed.
• Drive the standardization and automation of periodic control performance through issuing, tracking, and reviewing tasks in AuditBoard.
• Educate and consult with process and control owners on an effective IT control environment, evidence required for audit purposes, and remediation activities.
• Identify compliance objectives and map program deliverables to the requirements.
• Perform regular reviews of internal IT control effectiveness and process compliance.
• Help create and maintain dynamic dashboards for visibility of activities in AuditBoard.
• Work effectively across teams and with internal and external auditors to facilitate audit performance.

Qualifications

EDUCATION

• Bachelor’s degree is required

EXPERIENCE

• Minimum of five (5) to seven (7) years of progressive, relevant experience

QUALIFICATIONS

• This position requires stellar communication skills due to the nature of what we do. You must be able to communicate effectively, verbally and in writing, to all levels of technical and non-technical audiences.
• Deep knowledge and prior experience in SOX and ITGC audit
• CISA, CRISC, GCCC, GSEC or related certification preferred
• Prior experience in the intricacies of controls design (not just inspection) and defense in depth.
• Experience in reviewing SOC reports and determining appropriateness of entity compensating controls
• Proven experience in proactively identifying potential risks, issues, and opportunities offering meaningful recommendations that address the root cause.
• Knowledge of industry standard security and control frameworks such as CIS, NIST, COBIT, and ISO
• Experience defining requirements for moderately complex products/solutions
• Highly effective at influencing at all levels of an organization in a collaborative environment to implement effective compliance measures and policies
• Able to multi-task and manage multiple priorities concurrently
• Experience in Project management/delivery frameworks
• Knowledge of Software Delivery Lifecycle, Agile, DevOps, and Change Control principles
• Self-starter that actively displays a commitment to quality and a passion for operational excellence
• Innate curiosity and ability to dig into details without losing sight of the overall objective

Candidates with experience in the following are preferred:

• Native control sets in AWS & Azure
• SDLC controls and deliverables related to projects of all sizes
• Knowledge of IT/OT/ICS environments
• Understanding of the intricacies of control environments in SAP S4, BTP, C4C
• Administration of, or core work within AuditBoard or other GRC tools
• ITIL v4/service management training
• Basic AI knowledge
• Basic query writing, advanced Excel, and Power BI

Please refer the Job description for details