IT Risk Management and Compliance Analyst
Date: Jun 3, 2023
Location: Wickliffe, OH, US, 44092
Company: Lubrizol Corporation
About Lubrizol
The Lubrizol Corporation, a Berkshire Hathaway company, is committed to enabling a sustainable future. Our unmatched science unlocks immense possibilities at the molecular level, driving sustainable and measurable results to help the world Move Cleaner, Create Smarter and Live Better. Our solutions are used by people every day, improving billions of lives around the world.
We value diversity in professional backgrounds and life experiences. By enabling a consistent, unbiased, and transparent recruitment process, Lubrizol seeks to create a positive experience for candidates so we can get to know them at their best. We recognize unique work and life situations and offer flexibility, ensuring our employees feel engaged and fulfilled in every aspect of life.
The IT Risk Management and Compliance Analyst is a key resource in the development and continuous improvement of all aspects of the company’s global Information Security program. In this role, you will play a key part in identifying and facilitating the elimination or mitigation of risks throughout the global environment. You will partner with technical teams, advising both on applicable control requirements and potential solutions to address them. You will also participate in measuring and reporting compliance with IT policies and standards, ensuring risk management processes are effective and efficient, and recommending and implementing enhancements to the program. This position will be based out of our Global Headquarters in Wickliffe, OH, following a hybrid working model.
What you will do:
- Execute the IT Risk Management processes to identify, assess, evaluate, and treat risks
- Recommend and implement Risk Management Program process improvements
- Facilitate/conduct technology and operational risk and compliance assessments
- Respond to and support risk assessments or audits from external and internal customers
- Partner with technical teams, advising both on applicable control requirements and potential solutions to address them
- Conduct compliance assessments of controls for in-scope systems, including remediation assessments and audit-readiness assessments
- Identify control deficiencies and maintain records of deficiency details including management response documentation and exposure check evidence
- Collaborate on the 3rd Party Risk Management program
- Maintain and improve the Information Security Policy Set
- As part of a global information security team, provide insight and recommendations to leadership
- Other information security activities as needed
What you need:
- Bachelor’s degree in Information Technology (IT) or related field, or equivalent relevant experience
- Minimum of 3 years of relevant industry and professional experience (e.g., risk management, audit, third party risk, operational risk, information security, etc.)
- Practical knowledge of third-party risk management, IT risk assessments, operational processes, or applicable techniques for implementation of regulatory requirements
- Basic understanding of security domains including identity, access, authentication, encryption, application security, network security, vulnerability and patch management, information security metrics, policies, standards and procedures, etc.
- Experience with ISO and NIST security standards
- Microsoft Windows-based operating systems and collaboration tools
- Demonstrated understanding of risk management processes
- Knowledge of basic IT security, networking, Active Directory, etc.
- Knowledge of risk management frameworks
- Ability to resolve issues via undocumented methods through research and investigation
- Experience in documenting issues and solutions to assist end user/co-worker understanding
What will put you ahead:
- CRISC, CISM or CISA certifications preferred
- Expertise in tracking and analysing emerging cybersecurity threats, risks and trends, contextualizing them for the company's business processes, assets and personnel, and informing stakeholders preferred
- Experience with CIS controls preferred
- Experience with SAP ECC/S4
- Operational knowledge of a risk management system (SAI360, ServiceNow IRM, etc.) preferred
What Lubrizol offers:
- Competitive salary with performance-based bonus plans
- 401K Match plus Age Weighted Defined Contribution
- Competitive medical, dental & vision offerings
- Health Savings Account
- Paid Holidays, Vacation, Parental Leave
- Flexible work environment
Learn more at benefits.lubrizol.com!
If you’re interested in the position, we encourage you to apply. Lubrizol is always looking for candidates who embody our cultural beliefs in everything they do. If you’re All In, Lead Decisively, Take Action, Think External, and can Be Courageous, Lubrizol could be the place for you.