Security Governance, Risk & Compliance Analyst

CROWN Cork & Seal USA, Inc., a wholly owned company of Crown Holdings, Inc. is a global leader in the design, manufacture, and sale of packaging products for consumer goods.At Crown, we are passionate about helping our customers build their brands and connect with consumers around the world. We do this by delivering innovative packaging that offers significant value for brand owners, retailers, and consumers alike. With operations in 47 countries employing over 33,000 people and net sales of over $11billion, we are uniquely positioned to bring best practices in quality and manufacturing to our customers to drive their businesses locally and globally. Sustaining a leadership position requires us to build a team of highly talented, dedicated, and driven individuals. 

Duties And Responsibilities:

This position will plan and perform IT risk assessments, IT compliance audits, develop, design, and verify IT internal control effectiveness. 

• Participates in all aspects of audit activities including risk assessments, planning, testing, control evaluation, documentation, report drafting, issue clearance with technology stakeholders, and follow-up/verification of issue closure. 
• Identifies risks, designs controls, and creates testing procedures. Participates in both standalone technology and business integrated audits. Monitors various projects with major application development initiatives and performing continuous risk assessments of coverage areas. 
• Performs hand-on, technical IT internal control testing of information systems.
• Perform IT risk assessments of new technologies, applications, & processes according to risk management procedures and participates in Enterprise Architecture reviews.
• Perform Control Assessments (SOX, PII, PCI, HIPAA) 
• Research/recommend best practices for risk management activities
• Coordinate risk/compliance information for management reporting purposes

Job Requirements:

We are seeking a high-potential individual for this opportunity with the desire and ability to advance within the organization.  Requirements include the following:

• Bachelor's degree in Business or IT or equivalent. 
• 3 years’ experience in SOX, IS Security, Audit, Risk and/or Compliance 
• Good understanding of IT audit, compliance, and risk management methodologies
• Demonstrates strong knowledge in ISO 27001:2013, COSO:2013, COBIT V, NIST, PCI-DSS, 
• Ability to manage appropriate tests aligned to compliance regulations and execute assigned testing
• Hands-on experience working with, and auditing Microsoft Active Directory, Unix/Linux, Databases, Microsoft Office 365, Azure, Webservers, and Networking
• Ability to develop scripts to assist in control testing
• CISA certification
• Knowledge of Excel
• Experience with internal controls, risk assessments, business process and internal IT general control testing or operational auditing
• Understanding in auditing techniques and/or computer control environments
• Successful experience identifying controls, developing, and executing test plans 
• Experience conducting IT risk assessments
• Experience in IT Compliance
• Fundamental knowledge of information security standards (ISO 27001:2013, COBIT 5, NIST)

Core Competencies:

• Natural passion for security and compliance to see both projects and investigations to completion
• Effective oral and written communication, performance management, issue resolution, negotiation, motivating team members, forecasting, and planning
• High level of personal integrity, and the ability to professionally handle confidential matters
• Have strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level
• Functional technical knowledge of infrastructure, networking, architecture, security, and applications 
• Meet project implementation targets 
• Highly organized and task oriented.
• Problem solving and troubleshooting skills.
• Ability to prioritize and assign tasks.