Cyber Security Analyst
155 Harlem Avenue Glenview, IL 60025-5811
Position at ITW Corporate The Cyber Security Analyst is part of the Corporate IT team and is responsible for understanding ITW’ s risks and ensuring our mitigation policy and programs are operating effectively. He/she provides guidance on our policies and programs and keeps current on emerging trends and threats through ongoing education and active participation in peer groups.
This role will provide direct expertise to cyber policies surrounding our Corporate systems and may be asked to provide indirect oversight for localized systems at our ITW manufacturing businesses. These businesses vary from smaller, local divisions with fewer locations to larger, complex global divisions, which requires flexibility in approach to align with growth and profitability drivers of each business.
The ideal candidate will thrive in an informal, decentralized culture where decisions are largely consensus-based, and strong execution is expected and valued.
- Perform threat and vulnerability assessments and create a subsequent prioritized remedial action plan
- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software
- Recommend the implementation of technical controls to support and enforce defined security policies
- Develop a strong working relationship with the technical operations team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements
- Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks
- Participate in review of SOX controls, GDPR guidelines, Insurance policies and other legal and/or regulatory requirements to ensure Cyber Strategy is accurately reflected
- Review, assess and provide recommendations based on penetration testing exercises
- Provide system monitoring to the daily, weekly, monthly recurring security task list
- Monitor internal controls to ensure appropriate information access levels and security clearances are maintained
- Develop and maintain documentation for security systems and procedures
- Work with 3rd Party Software Providers and Vendor Management Office to ensure that information system security requirements are included in contracts
- Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors
- Outstanding verbal, written and interpersonal communication skills with the ability to interact and build trust across all levels of the organization
- Experience working in a team-oriented, collaborative environment
- Highly self-motivated and directed
- Experience working with legal, audit and compliance departments
- Experience developing, maintaining policies, procedures, standards and guidelines
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgement and maturity
- Highly organized and respectful of the need to plan amidst multiple priorities
Experience / skills required:
- Bachelor' s degree in Computer Science, Information Systems, Business or related field. Masters degree a plus.
- Minimum of 5 years experience in an information security role or network security administration role
- Experienced in cybersecurity frameworks like NIST, COBIT, ISO 27002
- Experienced within regulatory requirements (SOX, HIPAA, Privacy acts, etc.).
- Certification – CISSP or CCSP or equivalent a plus
- Proven record of building collaborative cross-functional relationships
- Knowledge of information security principles, including risk assessment and management
- Knowledge of network infrastructure including routers, switches, firewalls and associated network protocols and concepts
- 42F Information Systems Technician