Cybersecurity Risk Analyst

Our Cybersecurity team works diligently to ensure NielsenIQ’s software, hardware, and related components are protected from cyber-attacks. We’re constantly developing new security systems, analyzing current systems for vulnerabilities, and handling cyber-attacks in an efficient and effective manner worldwide.

As a Cybersecurity Risk Analyst, you will be a member of the Global Cyber Security department reporting to the Risk team. This role will be conducting vendor security risk assessments to determine if vendors meet our cyber security standards or need to improve in certain areas.  If a vendor needs improvements, remediation options will need to be defined and negotiated with the vendor.  Similarly, this position will also complete risk assessments or audits that clients may request of NielsenIQ. This will involve the completion of cyber security assessment forms with a focus on fostering confidence in the Cyber Security program with our clients. 

This will require experience conducting risk assessments and will work cross-functionally across the entire organization, globally, to ensure effective communication, mitigate risk & negotiate cyber security requirements.  

What you’ll do

• Perform vendor security risk evaluations and scheduled re-assessments as defined by tier of the vendor.
• Monitor risk findings, remediate resolution including development and execution of corrective action plans and ensure follow-on reporting and monitoring
• Drive towards a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and regulatory requirements
• Provide guidance to the business, procurement, and other stakeholders to ensure requirements of VRM are fully understood
• Perform the execution of third-party security risk management program in client engagements
• Engage in RFP and pre-sales activities, and support the commercial team to provide information relevant to the cyber security program.
• Complete annual or periodic cyber security assessments received from clients. Liaison with appropriate product leadership, cyber security team members, and other technology teams to validate technical responses.
• Strong technical and/or IT audit background in/practical knowledge of a wide variety of technologies. Technologies include server infrastructure & operating systems, network & web infrastructures, database architecture, and intrusion detection/prevention systems.
• Strong risk analysis and problem-solving skills.
• Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person.
• Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously.
• Identifies areas for ongoing process improvement.
• Contribute to procedures and policy development.
• Experience reviewing contracts

We’re looking for people who have

• 2 years experience with vendor risk or operational risk management, audit, or compliance
• Bachelor's degree required
• Exceptional interpersonal, team building, mentoring, and leadership skills with a demonstrated ability to gain the confidence and respect of senior-level executives
• Strong understanding of security risk management, integration with enterprise risk management, and the integration with business strategy
• Industry Certifications (CISP, CISM, CISA, CCSP, PMP, etc.)
• Understanding of leading third-party security risk management platforms and tools including but not limited to ServiceNow, OneTrust, BitSight, SecurityScore, etc will be an added advantage
• Must have a broad knowledge of Information technology, Security Architecture review, and methodologies particularly including, for example, NIST CFS, ISO 27001, SSAE 18, PCI DSS
• Knowledge of Microsoft Office tools; specifically, Excel, PowerPoint, and SharePoint
• Minimum of 2 years of assessing technical controls and designing remediation solutions
• Working knowledge of NIST Cyber Security Framework or other similar industry standard frameworks.
• Requires excellent communication, interpersonal skills, and business judgment

All your information will be kept confidential according to EEO guidelines.

About NielsenIQ 

NielsenIQ is a global measurement and data analytics company that provides the most complete and trusted view available of consumers and markets worldwide. We provide consumer packaged goods manufacturers/fast-moving consumer goods and retailers with accurate, actionable information and insights and a complete picture of the complex and changing marketplace that companies need to innovate and grow. Our approach marries proprietary NielsenIQ data with other data sources to help clients around the world understand what’s happening now, what’s happening next, and how to best act on this knowledge.  We like to be in the middle of the action. That’s why you can find us at work in over 90 countries, covering more than 90% of the world’s population. For more information, visit www.niq.com.

NielsenIQ is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability status, age, marital status, protected veteran status or any other protected class.