Security/IT Audit Compliance Analyst (Privacy/GRC)

Security/IT Audit Compliance Analyst (Privacy/GRC)Description:Duties on yearly audits will include:

• Support Third-Party vendor risk assessment processes; utilizing strategic partnerships with multiple internal stakeholder groups (procurement, legal, and business side operations).
• Ensure companies are following all required Global & Regional policies/standards via assessments and audits of existing processes.
• Partner with other internal non-IT, and external groups to stay aware the changing landscape e.g., new legislation and changes to existing legislation.
• Partner with all North America Honda companies to provide support and provide guidance on remediation/countermeasure plans regarding area requiring strengthening in security & privacy.
• Monitor and report on remediation/countermeasure status monthly; working with the remediation owners.
• Support GRC project activities as required to achieve unit level objectives; these may include but are not limited to: monitoring project progress, tracking non-compliant activities, resolving problems, publishing progress reports, remediation consultation, and driving remediation activities to completion.
• Improve technical and business process by studying current practices, identifying problems and recommending solutions.
• Support project managers as requested in performing daily, weekly, monthly, reviews and project updates.
• Maintain and expand current documentation for policy & privacy compliance program activities as required in support of the daily operations.
• Perform other assigned tasks as need for the GRC Unit as requested by leaders.

• Experience with information security, privacy, or related field preferably in the captive finance or banking industries
• Understanding of Third-Party Vendor Risk Management processes & practices (REQ)
• General IT auditing process & practices (REQ)
• Understanding of control framework NIST-800-53, ISO270001, & privacy legislation (REQ)
• Min. of 5 years of direct exp. as Data Privacy Governance, Risk and Compliance (GRC) Analyst (REQ)