THE ROLE:
The Risk Analyst II investigates and analyzes potential areas of risk to Technology (and Herbalife Nutrition), highlighting and quantifying the risks to help drive business decisions. This role must proactively escalate potential risks to leadership and be outspoken in seeking mitigation actions. As this role progresses, the Risk Analyst will gain responsibility in designing and defining the risk analysis, and serve as an advisor in GTS/DO/Cybersecurity.
HOW YOU WOULD CONTRIBUTE:
- Conduct statistical analyses to determine potential risk and advise leadership
- Track and maintain operational risk register
- Provide vulnerability analysis and produce reports for management.
- Maintain knowledge of the threat landscape.
- Prioritize and report on vulnerabilities discovered along with the remediation timeline(s)
- Send and receive notifications to the SMEs of vulnerabilities within the environment.
- Create vulnerabilities reports and dashboards for leadership.
- Ensure data integrity and quality of data reporting prior to distribution
- Create risk reports and dashboards for leadership
- Create relevant training material and memos to support regulatory and operational compliance awareness
- Coordinate with reporting analysts to communicate analysis to leadership
- Coordinate with cross-functional members across technology functions to collect data
- Capture data SOX compliance and maintain related reports
- Ensures SOX compliance; tracks deficiencies and drives mitigation actions
- Acts as internal and external liaison with auditors
- Coordinate with Vendor Management Analyst to identify potential areas of vendor risk and drive mitigation actions
- Performs additional duties as assigned
WHAT’S SPECIAL ABOUT THE TEAM:
Tech GRC is global team collaborating with IT, Cybersecurity, Privacy, Enterprise Risk among other risk teams in the company, to manage technology risks and provide proactive risk solutions. Our vision is to provide risk information to support fact-based decision making, aligned with our enterprise strategy.
SKILLS AND BACKGROUND REQUIRED TO BE SUCCESSFUL:
- Proficient in related analysis and risk assessment tools
- SOX and GRC (governance, risk, and compliance) experience is a must
- Communication skills to relay results of analysis
- Ability to build strong relationships across various functions of Technology to be able to preemptively identify and communicate risks
Certificates / Training:
- IT, risk and security practices, standards and controls (e.g. COBIT, NIST-CSF, CIS-CSC, C2M2, CSOE, ITIL).
- Certified Information Systems Auditor (CISA)
Education
Required
- Bachelor's in Information Technology or equivalent
Preferred:
- Advanced Technical Degree
