
Cybersecurity Privacy Analyst

  • Internship
  • Quezon City (District IV)

Job description



Atos is a global leader in digital transformation with 120,000 employees in
73 countries and annual revenue of € 13 billion. European number one in Cloud,
Cybersecurity and High-Performance Computing, the Group provides end-to-end Orchestrated
Hybrid Cloud, Big Data, Business Applications and Digital Workplace solutions through its
Digital Transformation Factory, as well as transactional services through Worldline,
the European leader in the payment industry. With its cutting-edge technologies and industry knowledge,
Atos supports the digital transformation of its clients across all business sectors.
The Group is the Worldwide Information Technology Partner for the Olympic & Paralympic Games and
operates under the brands Atos, Atos Syntel, Unify and Worldline. Atos is listed on the CAC40 Paris stock index.

 

As a member of Mallinckrodt’s Security team, this role proactively performs third party IT risk assessments and coordinates with project teams and the business to ensure minimum requirements are met. The candidate will also develop, implement, and execute compliance testing, continuous assurance, and reporting programs within an assigned region in accordance with the Compliance Assurance (CA) Plan. The successful candidate for this position is a highly motivated individual who will develop effective relationships within the Cybersecurity function and with other stakeholders including business and technology process owners, procurement & legal, promoting knowledge sharing and promulgation of best practices across IT and the business with minimal supervision in a highly dynamic environment.

As a member of the overall Information Security Team, the key responsibilities are:

Third Party Risk Assessments

·  Perform reviews of security reports provided by third parties and complete surveys received from third parties based on security guidelines and industry standards
·  Work with Deskside support, server administration & other parts of IT to understand security requirements
·  Monitor the risk environment and assess emerging risks
·  Project manage new Supplier Risk Assessments (SRAs)
·  Follow up on privacy questionnaire, technical questionnaire / SOC audit report, contract, VA
·  Prepare weekly Vendor Review meeting agendas including statuses, follow-ups, group technical/architecture reviews, questions for CISO, e.g., on contract negotiations
·  Obtain authorizations for Vulnerability Assessments
·  Document and follow up on all remediation/controls needed:
    ·  IAM (Identity and Access Management)
    ·  VA recommendations
    ·  Log integration
    ·  Other systems as required
·  Coordinate/track acceptance of risk sign-off/documentation (CISO/Enterprise Risk Committee level)
·  Review vendor documentation submissions:
    ·  Technical questionnaires
    ·  SOC audit reports
    ·  Privacy questionnaires (possibly)
·  Request clarifications from suppliers
·  Coordinate with SOC and Cybersecurity Architect to conduct Vulnerability Assessments

Contracts

·  Advise Procurement / Legal on required contract contents when not straightforward (short form vs. long form)
·  Customize SCCs (privacy)
·  Review GDPR Data Protection Agreements against checklist
·  Use playbook for review of Cybersecurity Addendum (CA) markups by vendor
·  Send all completed CAs to Legal to ensure entered in Ariba
·  Send all completed SCCs to Legal to ensure entered in Ariba

Privacy

·  Maintain Record of Processing Activities (ROPA)
·  Perform Legitimate Interest Assessments (possibly)
·  Perform Privacy Impact Assessments / Data Protection Impact Assessments (possibly)
·  Catch up on privacy incident log and documentation

Audit Findings

·  Support or perform corrective action plan (CAP) validation of issues identified
·  Inform CA management of significant compliance matters that require their attention or action
·  Catch up on the ROPA – go through vendor assessments complete or in progress
·  Catch up on DPIAs (possibly)
·  Coordinate (follow up with Procurement on) getting massive vendor list entered through Cherwell SRA
·  Assist in creation of privacy incident SOP / playbook / checklist (more detailed than policies)
·  Go through ALL old Cherwell tickets, SharePoint tracker and Excel tracker – close, document, get caught up

Miscellaneous

·  Draft phishing education emails to be sent by CISO based on Suspicious Email submissions

Other duties as assigned with or without accommodation by the Security Operations Center Manager.

 

 

Education or Experience:

Graduation with a degree from a recognized university with specialization in Computer Sciences or a related discipline, combined with a minimum of one (1) year of directly related practical experience and demonstrated ability to carry out the functions of the job.

OR

Completion of two years of an acceptable post-secondary educational program in Computer Sciences from a recognized community college, or in a related discipline, combined with a minimum of two (2) years of directly related practical experience and demonstrated ability to carry out the functions of the job.

Required:

 

·  Thirst for knowledge, inquisitive nature, and keen interest in actively participating in SOC expansion.
·  1-3 years' work experience in IT Audit, Cybersecurity, IT risk & compliance and/or privacy classes (desired)
·  Strong analytical & problem solving skills. Must be a self-starter, flexible, innovative and adaptive
·  Can convey complex & technical issues to diverse audiences, orally & in writing
·  Demonstrated knowledge of current Microsoft products (especially Excel, Word & PowerPoint), IT security tools & basic coding
·  Collaborates with others to find solutions that work for the business and meet privacy and security requirements & standards.
·  Knowledge of Compliance laws, rules, regulations, risks and typologies including privacy.
·  Experience with auditing principles including audit planning, risk assessments, development of risks and controls matrices, processes and controls design assessments, controls operating effectiveness testing, transactional testing, and reporting activities.
·  Experience in planning, executing, and reporting on compliance testing reviews and regulatory issue validation activities
·  Exhibit project management, interpersonal, sound decision-making and intuitive thinking skills.
·  Understanding of rules, laws, and regulations, and specific regulatory requirements including privacy.
·  Recommends appropriate and pragmatic solutions to risk and control issues.
·  Applies knowledge of key regulations to influence audit scope.
·  Work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization
·  Certified Information Privacy Professional (CIPP), experience in General Data Protection Regulation (GDPR) or equivalent is a plus

 

Your Application
If you wish to apply for this position, please click below to complete our online application form and attach your CV in either Word, rtf or text format.
Atos does not discriminate on the basis of race, religion, colour, sex, age, disability or sexual orientation. All recruitment decisions are based solely on qualifications, skills, knowledge and experience and relevant business requirements.
We are committed to making reasonable adjustments to the applications process for people with disabilities.
