​The Governance Analyst reports to the Governance Program Lead. This role will be evaluated based on their ability to perform the duties listed while demonstrating the skills and competencies necessary to be highly effective in the role. This role is responsible for supporting the ongoing development and evolution of the governance program to enable effective decision-making for the purpose of reducing risks across the team and improving the performance of the CISO Office. 

• Assist with strategic planning in support of organizational objectives and key results.
• Support a formal reporting program, to include metrics that track the cybersecurity maturity of the business.
• Ensure consistent branding, messaging, and performance, while leveraging opportunities for collaboration and efficiencies through integrated processes and functions.
• Support the maturation of the leadership steering committees and BISO program.
• Ability to create executive level presentations and reporting for various global audiences.
• Work with Governance Lead Analyst to prioritize initiatives to align with strategic goals.
• Support the remediation of visibility and capability gaps and breakdown roadblocks standing in the way of a robust security posture.
• Research and interpret industry insights and best practices, along with interpreting impact of requirements from governing authorities.
• Uphold company mission and values through accountability, innovation, integrity, quality, and teamwork.
• Support and comply with the company’s Quality Management System policies and procedures.
• Maintain regular and reliable attendance.
• Ability to act with an inclusion mindset and model these behaviors for the organization.
• Ability to travel 10% of working time away from work location, may include overnight/weekend travel.

• [5+] years of work experience in information security, especially in a governance, risk, and compliance, (GRC) role.
• [5+] years of experience writing and developing Information Security policies, procedures, guidelines, and metrics.
• Experience with Security Awareness & Training tools.
• Experience in reviewing processes and managing tools to proactively monitor and govern the effectiveness of controls and services.
• Demonstrated experience in a governance, risk, compliance concepts.
• Demonstrated experience with security risk management and compliance frameworks (e.g., NIST, ISO, HITRUST, HIPAA, PCI, GDPR).
• Experience supporting governance programs in a globally regulated enterprise, with a significant cloud footprint a plus.
• Experience developing metrics and reporting involving various areas and stakeholders.
• Technically proficient in performing assigned duties at a high-level of independence under minimal supervision while working within a team environment.
• Excellent technical writing skills, communication skills, appropriately adapting based on audience needs, through all mediums–verbally, written, presentation, and listening.
• Able to be agile and work with ambiguity.
• Relevant certification(s) in the field of risk, audit, or program/project management.
• Proficient+ in Microsoft Office programs, such as PowerPoint, Excel, Outlook, and Word.
• Demonstrated ability to perform the essential duties of the position with or without accommodation.
• Authorization to work in the United States without sponsorship.