A Fortune 100 organization is seeking an OT Risk Analyst that will sit fully remote for a long-term contract. The Operational Technology (OT) Risk Analyst will assist with the Global Technology (GT), Operational Technology (OT) and Third Party Risk (TPR) programs to identify, treat and reduce risk related to the insecure use of plant-specific technology, third party technology and service providers for Global Technology.
The Analyst will lead, take charge, engage in team-related events and, when needed, individually manage assessments and remediation of security control gaps, including tracking and reporting progress. Additionally, the Analyst will leverage various sources of data to assess the security program and associated practices, highlight risks and control gaps associated with the Vendor/Third Party's security program, categorize the potential risks based on severity, and identify potential mitigation strategies.
The Analyst will participate in onboarding and maintain ongoing due diligence of risk associated with third party relationships; compile, review, and analyze risk and control information to formulate recommendations and create metrics and reports for management review and decision making.
Working as part of a team, the Analyst will collaborate with various GT, OT and Business resources to evaluate financial, operational, governance, process, and efficiency considerations, so that a holistic overview with cradle-to-grave scope for threats, vulnerabilities and risks can become interwoven into IT Risk, Third Party Risk and OT Risk accordingly.
Additionally, the Analyst will be responsible for identifying and tracking continuous monitoring activities to ensure the risks associated with active suppliers have not changed or exceeded risk tolerance thresholds.
IN THIS ROLE, YOU WILL:
Integrate the Risk Management Framework (RMF) process within the OT (facility/plant) environment to ensure Threats, Vulnerabilities and Risks are treated throughout the RMF lifecycle.
Mature the tiering methodologies and improve processes or features within OneTrust to maintain tiering data for Assets and Third Parties.
Collaborate on and contribute to the creation, documentation, and implementation of repeatable processes for onboarding, ongoing monitoring and offboarding of OneTrust Third Party and OT relationships.
Determine how the risk domains applicable to the OT, TPR, GT Risk environments impact Operational and Enterprise level risk.
Establish OneTrust Risk Dashboards and reporting with advanced metrics.
Contribute monthly and quarterly metrics, or as-required reporting, to management by analyzing and reporting on IT security controls and risk exposure.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Five to ten (5-10) years of direct experience in a Third-Party Risk Analyst role is required.
Direct experience with plant automation systems and tools, network security, endpoint security, and managing the corresponding threats, vulnerabilities and risk mitigation framework lifecycle.
3+ years of experience with a Governance-Risk-Compliance (GRC) software suite (OneTrust, Archer, Xacta, Workiva, etc.) is required; direct experience with OneTrust is preferred.
A demonstrated strong understanding of Security Control Frameworks (ISO, NIST, HIPAA, PCI, SOX) is required; experience with multiple frameworks is preferred over experience with a single framework.
Certification in CISSP, CRISC, CASP, CYSA or Security+ CE is preferred.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.