Security Governance Analyst [T500-21516]

About ADM :

We are one of the world’s largest nutrition companies and a global leader in human and animal nutrition. We unlock the power of nature to provide nourishing quality of life by transforming crops into ingredients and solutions for foods, beverages, supplements, livestock, aquaculture, and pets.

About ADM India Hub :

At ADM, we have long recognized the strength and potential of India’s talent pool, which is why we have maintained a presence in the country for more than 25 years. Building on this foundation, we have now established ADM India Hub, our first GCC in India.

At ADM India Hub, we are hiring for IT and finance roles across diverse technology and business functions. We stand at the intersection of global expertise and local excellence, enabling us to drive innovation and support our larger purpose of unlocking the power of nature to enrich quality of life.

Security Governance Analyst

Position Summary :

This role will report to the Director Security Governance & Awareness within Global Information & Cyber Security as a member of the security governance team to help with governance of the Information Security program and security risks. Together with the Director Security Governance & Awareness, this role will reduce risk by continuously reviewing, refining, and recommending improvements to the Information Security operating model, policies, standards, and processes and provide reporting and recommendations to the CTO, CISO, and senior leadership.

Job Responsibilities :

Develop, maintain, evaluate and implement policies and procedures aligned with both business requirements and legislative changes, (i.e. ISO 27001 / 27002, COBIT 5, NIST CSF, NIS2, GDPR).

Collaborate with subject matter experts to write policies and standards in line with the ADM Control Framework, based on NIST CSF, ISO 27001 / 27002, SCF (Secure Controls Framework).

Lead control assessment activities addressing security and regulatory requirements, engaging appropriate business units and personnel to plan and execute the ADM Control Governance program, documenting gaps / vulnerabilities and driving risk identification and intake.

Manage and maintain GICS SharePoint sites for security awareness, policies, standards, training, newsletters and reporting of threats.

Implement security policies and standards aligned with enterprise objectives.

Collaborate with subject matter experts to align security and compliance requirements with emerging business needs.

Participate in the development and implementation of security awareness program training, materials, and events. Develop and deliver content to educate the business about the ADM Control Framework and other organizational programs.

Manage Global Information & Cyber Security SharePoint Site, Yammer and Social Chorus, including all security awareness newsletters, videos, promotions, team updates, policies and standards.

Develop and communicate guidelines for enterprise security practices.

Assist with control design and implementation for the ADM Control Framework, including tracking and reporting progress, security control gaps, and metrics.

Proactively identify and collect appropriate and meaningful metrics to be reported in order for the business leaders to make appropriate risk-based decisions.

Monitor compliance with security policies and standards across the organization utilizing reporting and metrics, driving process improvement.

Compile, review, and analyze security information to provide recommendations, metrics, and reports for management review and decision making.

Facilitation and management of security policies, policy exceptions, standards, procedures and guidelines.

Document and track requests for variance from standards. Monitor risk mitigation processes and progress until variances are closed.

Actively stay aware of processes and methods for identifying and addressing non-compliance to information security standards and communicate the findings clearly to business areas.

Collaborate with key business units and capability stakeholders, including, but not limited to, Privacy, IT, Internal Audit, InfoSec, Corporate Security, and HR to develop and improve Information Governance across the enterprise.

Establish security metric baselines and generate reports reflecting current performance against those baselines using Power BI.

Document narrative summary and analysis of the metrics.

Review, track and update company standards for compliance to legal and regulatory requirements. Work with subject matter experts to maintain documentation; modifies or creates new security standards as needed.

Monitor compliance with security policies and standards across the organization utilizing reporting and metrics. Drive compliance improvement to processes.

Document and track requests for variance from standards. Monitor risk mitigation processes and progress with the clients until variances are closed.

Perform functions in a timely manner and with extreme level of attention to detail, urgency and thoroughness.

Job Requirements :

BA / BS degree or higher or equivalent experience.

Minimum of 4-8 years of experience in security and IT / OT related fields.

Experience managing SharePoint sites (web development), posting updates and configuring sites and forms. Basic knowledge and understanding of how information security affects an organization and ability to link it to business processes.

Experience with Security Awareness program management and implementation.

Basic knowledge and understanding of risk assessment and control methods.

Basic knowledge and understanding of end-user computing tools, hardware, application software, network, communications and mobile technologies.

Basic knowledge and understanding of information security policies, standards and processes.

Basic knowledge of electronic record retention policies and standards.

5 years of regulatory requirements and frameworks such as ISO 27001 / 27002, PCI, CIS CSC, SOX, HIPPA, COBIT, GDPR or NIST Cyber Security Framework (CSF).

SANS 401 (can be obtained after employment).

5 years of experience in a GRC discipline. One year of work in a Governance, Risk, Compliance (GRC) function in a highly regulated environment, may substitute for up to 18 months' experience.

Proven success implementing security policies, standards, and / or controls.

Ability to translate strategy into actionable plans impact organizational change.

Familiarity with complex multi-national companies and distributed business models.

Ability to work across the organization, building relationships and influencing peers and management through establishing trust and credibility.

Applies sound judgment and creativity to solve complex problems.

Ability to excel in a rapidly changing environment.

Experience in one or more of the following areas preferred : network administration, systems administration, SDLC / secure soft, encryption, asset management, identity and access management, Audit, Governance Risk & Compliance, IT Operations, Security Risk Management.

Strong verbal and written communication skills; ability to drive discussions and influence decision making; strong presentation and reporting skills. Proficient in technical writing and leveraging various creative mechanisms to communicate to diverse audiences.

Ability to communicate with and create documentation for technical and non-technical audiences.

Strong leadership and communications skills.

Limited travel required.

Desired Skills :

Practical experience implementing NIST, ISO, or other industry standards Certifications, such as CISM, CISSP, CISA, or CRISC.