Security Compliance Analyst / Engineer

Let’s be unstoppable together!

Circana (formerly IRI and NPD) is the leading advisor on the complexity of consumer behavior. Through unparalleled technology, advanced analytics, cross-industry data, and deep expertise, we provide clarity that helps almost 7,000 of the world’s leading brands and retailers take action and unlock business growth. We understand more about the complete consumer, the complete store, and the complete wallet so our clients can go beyond the data to apply insights, ignite innovation, meet consumer demand, and outpace the competition.

At Circana, we are fueled by our passion for continuous learning and growth, we seek and share feedback freely, and we celebrate victories both big and small in an environment that is flexible and accommodating to our work and personal lives. We have a global commitment to diversity, equity, and inclusion as we believe in the undeniable strength that diversity brings to our business, employees, clients, and communities (with us you can always bring your full self to work). Join our inclusive, committed team to be a challenger, own outcomes, and stay curious together. Learn more at www.circana.com. **

What will you be doing?**

This position will analyze risks and help operate the enterprise security program. The position shall serve as a contributor to security assessments including controls assessments, vulnerability assessments, compliance assessments, certifications and related initiatives. **

Job Responsibilities**

• Perform assessments; identify security threats and vulnerabilities across the enterprise; implement controls; provide reporting and analysis to appropriate teams
• Assist in compliance related activities ,promote security practices and audit policies
• Review and take leadership role in responding to customer audit requests and security surveys
• Take appropriate actions to safeguard company information assets against current and foreseen threats
• Threat surveillance; identify emerging threats and potential solutions
• Assist in the implementation of security programs: execute project deliverables as assigned
• Communicate to affected stakeholders including departments within the organization
• Maintain program procedures including guidelines and flow diagrams to be implemented on an ongoing basis
• Communication and outreach: maintain communication with peers throughout the organization and security contacts including Business Units and subsidiary locations; disseminate information regarding security controls and newly identified risks
• Assess and measure security programs
• Remain current on industry standards for security in a technology environment

Requirements

• 3+ years of IT security experience in either an IT Auditor or Security Engineer role or both
• Proven, demonstrated solid experience in ISO 27001 and SOC2 audit functions
• BS Engineering/Computer Science or equivalent experience required
• Licensing/certification preferred (at least one of the following): CISSP, CISA, GIAC, and/or security risk assessment certification

Knowledge/Skills/Abilities Required:

• Strong written and verbal communication skills
• Strong knowledge of regulations such as GDPR, CCPA, etc.
• Understanding of the ISO 27001 audit process, compliance, requirements and responses
• Ability to collect and assess evidence and documentation pertaining to audits and certifications
• Ability to present information to internal and external clients in line with company objectives
• Solid understanding of vulnerability assessment, threat analysis, and reporting
• Monitoring of security systems for threats
• Knowledge of security environments
• Understanding of industry standards
• Understanding of endpoint security solutions, including file integrity monitoring and data loss prevention
• Experience with client contract review and managed services
• Global experience preferred

Technical Skills:

• Expertise in conducting internal IT Security audits and responding
• Experience with vulnerability management, penetration testing, internal and external scanning, OWASP and remediation management
• Understanding of endpoint security solutions, including file integrity monitoring, mobile device management, vulnerability scanning and data loss prevention technologies
• Practices in Change Management and Service Request review and approvals
• Experience with dedicated and Cloud computing/Elastic computing across virtualized environments

Circana Behaviors

As well as the technical skills, experience and attributes that are required for the role, our shared behaviors sit at the core of our organization. Therefore, we always look for people who can continuously champion these behaviors throughout the business within their day-to-day role:

• Stay Curious: Being hungry to learn and grow, always asking the big questions
• Seek Clarity: Embracing complexity to create clarity and inspire action
• Own the Outcome: Being accountable for decisions and taking ownership of our choices
• Center on the Client: Relentlessly adding value for our customers
• Be a Challenger: Never complacent, always striving for continuous improvement
• Champion Inclusivity: Fostering trust in relationships engaging with empathy, respect and integrity
• Commit to each other: Contributing to making Circana a great place to work for everyone

Location

This position can be located in the following area(s): United States (preferred) Eastern or Central time zones preferred.

_The below range reflects the range of possible compensation for this role at the time of this posting. We may ultimately pay more or less than the posted range. This range may be modified in the future. An employee’s position within the salary range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, shift, travel requirements, sales or revenue-based metrics, any collective bargaining agreements, and business or organizational needs. The salary range for this role is $80k to $90k.

_ _This job is also eligible for [bonus/incentive/commissions/equity] pay.

_ _We offer a comprehensive package of benefits including [paid time off, medical/dental/vision insurance and 401(k)] to eligible employees.

_ _You can apply for this role through [methods to apply (e.g., Careers website link and/or Intranet site for internal candidates)].

_