Sr. Information Security Analyst

The Sr. Information Security Analyst will deliver information security, IT risk management and data privacy protection solutions to business and technology stakeholder across Randstad Sourceright (RSR). An ideal candidate for this role will have supported information security and data privacy compliance programs in a SaaS environment.  You will be called upon to participate and provide input to execute RSR’s global Data Privacy and Information Security (DPIS) community. 

• Lead the execution of Randstad Sourceright’s information security management project
• Provide input to help define and execute the information security strategy and roadmap initiatives
• Act as lead information security subject matter expert for IT and Product Dev functional teams, internal project teams, business stakeholders, and occasionally client stakeholders to enable the means to fulfill Randstad Sourceright’s operational, legal, and contractual information protection obligation
• Execute and maintain the Information Security Risk Assessment Process to ensure appropriate risk treatment decisions are made for risks identified during risk assessments and compliance audits
• Assist with Randstad Sourceright’s certification and attestations (e.g., SOC 2, ISO 270001, GDPR and CCPA with external auditors
• Analyze exception requests from IT and business stakeholders and determine risk mitigation solutions based and compensating controls to reduce Randstad Sourceright’s potential risk exposure
• Define and lead the execution of Randstad Sourceright’s Third Party Vendor Security Risk Assessment process to ensure the services provided by key third party vendors, suppliers and business partners do not pose a risk to Randstad’s business operations
• Represent Randstad Sourceright on Randstad’s Global Information Security & Data Privacy committee
• Key partner in supporting Sales & Legal with security in sales proposals, audits, and customer security meetings
• Provide content and help administer Randstad Sourceright’s security policy development lifecycle, from policy creation through implementation and periodic updates
• Administer the Security Policy Waiver and Exception Process to ensure all authorized deviations from acceptable information protection practices are tracked and managed
• Partner with Randstad to deliver relevant information security awareness and training education materials to empower an informed, risk aware workforce and help drive improvements to Randstad’s Security Awareness Training Program

Basic Qualifications

• Bachelor Degree in Business, Information Systems or Computer Science
• 7+ years Information Security Risk Management experience
• CISSP Certification

Additional Qualifications

• Master’s degree
• CRISC Certification
• CIPP Certification
• Experience supporting Sales
• Incident Response and Third Party Vendor Management experience or training
• Experience with AWS and other major public cloud environments
• Experience in OneTrust or similar privacy management software
• Experience with SIG risk management questionnaires
• Experience with global considerations for risk assessment (in particular in the US, Canada, and the EU)
• Prior experience in the HR Technology space, and/or experience with CRM, ATS, AI, and digital interviewing systems
• Proficient using Google mail, calendaring and shared drives