At Bunge, people don’t just come here to work, they come here to grow – solving challenges that directly impact the world with a diverse team of thinkers and doers. Bunge offers a strong compensation and benefits package, generous paid time off program, flexible work arrangements, and opportunity to progress. Our hybrid work environment provides a balance of in‑office and remote work.
Most importantly, in all we do we live our values:
Act as One Team by fostering inclusion, collaboration, and respect
Drive for Excellence by being agile, innovative and efficient
Do What’s Right by acting safely, ethically, and sustainably
Overview
The Sr. Analyst, Policy Governance and Cybersecurity Outreach plays a crucial role in the governance of Business Technology (BT) Cybersecurity policies and standards, the continuous monitoring of internal control frameworks, and in the delivery of the Cybersecurity Outreach and Awareness program to ensure adherence to policy, applicable regulatory compliance, and to support the overall effectiveness of the BT organization.
Main Responsibilities
- Develop, publish, and periodically review BT and Cybersecurity policies and standards to ensure compliance with legal and regulatory requirements, to promote strong internal controls and effective risk management.
- Develop and publish Cybersecurity awareness content to educate employees and stakeholders about cybersecurity risks and best practices.
- Develop and conduct regular cybersecurity training sessions for employees at all levels of the organization, ensuring that they have the knowledge and skills to protect themselves and the company from cyber threats and to adhere to applicable controls, policies, and standards.
- Develop and conduct periodic phishing and other social engineering campaigns to gauge resilience and to prioritize corrective training actions.
- Support the continuous evaluation of control frameworks and regulatory requirements for internal controls for BT and for Cybersecurity.
- Participate in the effective utilization of process automation and reporting through Bunge’s Governance, Risk and Compliance (GRC) automation.
- Actively collaborate and support partner functions across Bunge’s Governance, Risk and Compliance functions, and with stakeholders throughout BT and Cybersecurity to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals.
Impact / Dimensions
- Recognized as an expert, both internally and externally to Bunge, in Information Technology and Cybersecurity methodologies and frameworks (e.g., NIST, ISO, COBIT, PCI DSS), effective outreach and awareness, training and communications methods across all levels of the organization.
- Drafts, coordinates, and matures BT and Cybersecurity policies and standards, through collaboration with various functions within BT and across various Bunge business stakeholder groups globally (e.g., Enterprise Risk, Legal, Compliance, Privacy), to ensure the adequacy and sufficiency of the policies and standards to support BT and business goals.
- Defines and maintains focused training program materials to strengthen the resilience of employees, contractors and third parties, as well as focused programs for specialized audiences (e.g., executives, privileged users) to protect the organization from cyber threats, which could have significant financial, operational, and reputational impacts to Bunge.
Key Performance Indicators (KPIs)
- The design adequacy and operating effectiveness of BT Policies, supporting Standards, and exceptions management, in support of the effective Governance of BT.
- Timely, relevant, and targeted monitoring and leadership communications of published policies and standards, proposed changes, individual and aggregated exceptions, and their performance through BT processes and controls.
- Successful attainment of BT and Cybersecurity maturity targets through periodic maturity assessments.
- Cybersecurity awareness programs, initiatives and training sessions developed and conducted.
- Number of / percentage of employees, contractors and applicable third parties who complete Cybersecurity training.
Major Opportunities and Decisions
- Leverage industry experience and knowledge of applicable best practices, frameworks, and guidance to draft and maintain BT and Cybersecurity policies and standards, to create and execute effective training materials, and to improve the overall posture of Bunge’s BT and Cybersecurity environment.
- Solve highly complex problems that require extensive investigation and advanced application of expertise to determine root cause, to advise leadership on appropriate remediation methods, and to mitigate or remediate policy exceptions to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements.
- Stay informed of emerging industry trends and techniques and changes in regulations to support continuous compliance and the maturation of BT and Cybersecurity’s policies, standards, and internal control frameworks.
- Effectively partner with colleagues within Bunge’s Governance, Risk and Compliance function, across BT and Cybersecurity, and with various business stakeholders to ensure the adequacy and sufficiency of internal controls and supporting capabilities.
Management / Leadership
- Actively contribute to large global projects that include internal control, regulatory compliance, and related capabilities scope to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals.
- Ability to work with limited direct management to participate in the governance of policies and standards, to improve practices, to coordinate cross-functional activities and to successfully deliver strategic outcomes.
- Demonstrate an ability to balance the appropriate design of BT and Cybersecurity Policy Governance and Cybersecurity Outreach capabilities with the realization of critical business capabilities, working within time, technology, capacity, and budget constraints, and leverage this when working with process and control owners.
- Effectively utilize process automation and reporting through Bunge’s Governance, Risk and Compliance (GRC) automation.
Key Relationships, Stakeholders & Interfaces (External & Internal)
- Collaborate and coordinate Governance activities with BT and business stakeholders to ensure proper engagement, effective Cybersecurity policies and standards, exceptions management, enablement and training, and the alignment against applicable industry best practices (e.g., NIST, ISO, COBIT, PCI DSS) as needed.
- Supports the evaluation, prioritization, registration, monitoring, and mitigation of exceptions to policies and standards through collaboration with various functions within BT and across various Bunge business stakeholder groups globally (e.g., Enterprise Risk, Legal, Compliance, Privacy).
- Educate BT leadership and functional areas about Policies and Standards, Cybersecurity awareness, social engineering techniques and how to effectively strengthen the resilience of employees, contractors and applicable third parties to support the achievement of critical business objectives.
Knowledge and Technical Competencies
- Recognized as an expert, both internally and externally to Bunge, in Information Technology and Cybersecurity methodologies and frameworks (e.g., NIST, ISO, COBIT, PCI DSS), effective outreach and awareness, training and communications methods across all levels of the organization.
- Can apply both a measured reactive and a deliberate proactive approach to the Cybersecurity Outreach and Awareness program, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance and performance within risk appetite and policy requirements.
- Apply expertise to determine root cause, to advise leadership on appropriate remediation methods, and to mitigate or remediate policy adherence to an acceptable residual level, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements.
Technical Profile
- Bachelor's degree in computer science or information systems, risk management, accounting, finance, or equivalent combination of education and work experience.
- 7+ years of experience in policies and standards, internal controls, awareness and training, internal audit, or a related field.
- Extensive knowledge of Sarbanes‑Oxley compliance required.
- Knowledge of Payment Card Industry (PCI) compliance, GDPR (General Data Protection Regulation) compliance or other applicable compliance programs preferred.
- Demonstrated experience in the creation and distribution of Cybersecurity Outreach, Awareness and Training content.
- Solid understanding of Governance, Risk and Compliance methodologies and effective automation through GRC tooling. Experience with Archer GRC preferred.
- Proven experience implementing Information Technology and Cybersecurity