As a Lead Analyst, Cybersecurity Governance, you will hold a pivotal role in assisting with building and implementing governance frameworks tailored to our on-site and SaaS environments, including policies, standards and controls, in accordance with legal, regulatory, and contractual requirements. Additionally, this role will be the driving effort in the continued buildout of a comprehensive cybersecurity risk metrics and reporting program.
In this role you will lead, identify, and implement key metrics and dashboards that provide insights, identify gaps and trends, and emerging risks in our cybersecurity program. The right person for this role will possess a deep understanding of data-driven reporting practices and can articulate insights from complex datasets.
Members of the Cybersecurity Governance team are motivated, detail-oriented, and thrive in a collaborative environment where they will add value to key business partners. This position will require you to be adaptive, willing to drive change and innovation, and work in a fast-paced environment requiring collaboration and the ability to organize and prioritize assignments.
Our Cybersecurity team works remotely; however, we prefer you live within driving distance to a corporate office for the occasional office connectivity days. Office locations including Baltimore, Wilmington DE, Charlotte NC, Dallas/Fort Worth, Phoenix/Tempe, Evansville, IN, and Chicago.
Responsibilities:
- Collaborate across the organization on defining and documenting technology and cybersecurity controls.
- Maintain and update the controls matrix in alignment with multiple frameworks, including SOC2, CIS, PCI and NIST 800-53.
- Interact with related disciplines through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services.
- Partner with stakeholders to manage and implement a comprehensive security risk metrics and reporting program to measure the efficiency and effectiveness of the cybersecurity program for senior management providing insights, trends and recommendations.
- Identify and maintain key performance, risk, and control indicators and risk metrics library that will drive actions and decisions to address areas of risk and improve operational performance.
- Implement solutions to automate and visualize risk metrics reporting through dashboards for key stakeholders using Power BI.
- Apply advanced analytical models to gain additional insights from key risk metrics for data trends and benchmarking.
Qualifications:
- Bachelor's Degree with a focus in Cybersecurity, Information Technology disciplines or equivalent experience.
- Minimum of 3 - 5 years of experience in cybersecurity, technology audit, risk management, or GRC (Governance, Risk and Compliance).
- 3+ years of demonstrated experience in developing cybersecurity metrics, including metrics identification, data collection, and visualization for reporting.
- Knowledge of cybersecurity frameworks, such as NIST, SOC2, and CIS.
- Knowledge of cybersecurity laws and regulations, industry standards and best practices including GLBA 501(b), NYDFS and PCI.
- Experience creating visualizations for executive level presentations using Power BI or other business intelligence tools.
- Strong verbal and written communication and presentation skills with the ability to prepare and deliver complex data in a way that is concise and understandable.
- Strong organizational skills and the ability to manage workstreams and collaborate with technical teams.
- Ability to identify gaps and non-compliance with a standard.
#LI-DWB
OneMain Holdings, Inc. is an Equal Employment Opportunity (EEO) employer. Qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship status, color, creed, culture, disability, ethnicity, gender, gender identity or expression, genetic information or history, marital status, military status, national origin, nationality, pregnancy, race, religion, sex, sexual orientation, socioeconomic status, transgender or on any other basis protected by law.
#J-18808-Ljbffr