Tenneco Information Security Compliance Analyst in Lake Forest, Illinois

Information Security Compliance Analyst

Tracking Code

180286-846

Job Description

The Information Security Compliance Analyst will be responsible for the document control program, planning and executing information security awareness campaigns (e.g. simulated phishing campaigns, annual required training, etc.), and assisting with various regulatory compliance initiatives and audits (Sarbanes-Oxley, GDPR, Privacy Shield, ISO, IATF). This person will work with multiple business areas including Internal Audit, Finance, Legal, etc. to assess internal controls, determine their effectiveness and participate in the design and implementation of proper controls, and facilitate the completion of in-scope compliance and auditing activities.

Essential Duties and Responsibilities:

  • Maintains the internal control framework, including mapping to authoritative standards.

  • Uses industry security and compliance standards from external organizations to assess internal controls, determine their effectiveness, and participate in the design and implementation of proper controls.

  • Leads and facilitates the process to respond to customer questionnaires related to information security and IT compliance.

  • Supports and coordinates controls testing and quality assurance activities to determine the effectiveness of controls.

  • Develops and maintains knowledge of legislation changes and leading business practices associated with compliance, evaluates impacts to the Tenneco IT environment, and reports and recommends changes as appropriate.

  • Interfaces with IT, Internal Audit, Finance, external audit and other groups to define, maintain, monitor, and support compliance activities for assurance of company policies and standards.

  • Actively contribute to the annual audit planning process, including the identification of high-risk areas to be audited as well as the planning and coordination of the annual audit plan.

  • Assists IT groups in discussing audit findings with internal and external audit teams, developing audit responses that address the finding and its root cause, and representing IT within audit closing meetings.

  • Conducts periodic follow ups to confirm that previous audit points have been properly resolved, that audit points have not reoccurred and that the root cause of audit points have been addressed.

  • Proactively track and assist IT with action items required to remediate audit issues and delivers metrics and executive reporting related to audit remediation status.

  • Coordinates timely responses to questions submitted to the information security mailbox.

  • Plans and executes semi-annual mock phishing campaigns.

  • Identifies and reports on document management KPIs and metrics.

  • Acts as a key driver to updating document management platform and processes.

Required Skills:

  • A solid foundation in compliance frameworks and security management standards (e.g., I SO 27001:2013, COBIT, and NIST) and other related standards (e.g., ISO 9001 / TS 16949).

  • Proactive, positive, and collaborative approach with demonstrated excellent verbal and written communication skills.

  • Knowledge and experience working across a geographically and culturally diverse organization.

  • Experience in Information Technology, including experience in auditing and security-related areas.

  • Working knowledge of Document Management Practices. Quality Systems International (QSI) Document Control database experience preferred.

Required Experience

Required Qualifications:

  • 4 year University degree in Computer Science, Engineering, Information Systems, Information Security or Mathematics, or Business - required

  • 5+ years of successful experience

Preferred Qualifications:

  • Current industry certifications CIA or CISA preferred

We are an equal opportunity employer. Employment selection and related decisions are made without regard to gender, race, age, disability, religion, national origin, color, gender identity, sexual orientation, veteran status or any other protected class.

Job Location

Lake Forest, Illinois, United States

Position Type

Full-Time/Regular

We are an equal opportunity employer. Employment selection and related decisions are made without regard to gender, race, age, disability, religion, national origin, color, gender identity, sexual orientation, veteran status or any other protected class.