Risk Analyst II

Overview

The Risk Analyst II investigates and analyzes potential areas of risk to Technology (and Herbalife Nutrition), highlighting and quantifying the risks to help drive business decisions. This role must proactively escalate potential risks to leadership and be outspoken in seeking mitigation actions. As this role progresses, the Risk Analyst will gain responsibility in designing and defining the risk analysis and serve as an advisor in GTS/DO/Cybersecurity.

Job Qualifications

DETAILED RESPONSIBILITIES/DUTIES:

1. Conduct statistical analyses to determine potential risk and advise leadership.
2. Track and maintain operational risk register.
3. Provide vulnerability analysis and produce reports for management.
4. Maintain knowledge of the threat landscape.
5. Prioritize and report on vulnerabilities discovered along with the remediation timeline(s).
6. Send and receive notifications to the SMEs of vulnerabilities within the environment.
7. Create vulnerabilities reports and dashboards for leadership.
8. Ensure data integrity and quality of data reporting prior to distribution.
9. Create risk reports and dashboards for leadership.
10. Create relevant training material and memos to support regulatory and operational compliance awareness.
11. Coordinate with reporting analysts to communicate analysis to leadership.
12. Coordinate with cross-functional members across technology functions to collect data.
13. Capture data SOX compliance and maintain related reports.
14. Ensures SOX compliance; tracks deficiencies and drives mitigation actions.
15. Acts as internal and external liaison with auditors.
16. Coordinate with Vendor Management Analyst to identify potential areas of vendor risk and drive mitigation actions.
17. Performs additional duties as assigned.

SUPERVISORY RESPONSIBILITIES:

None

QUALIFICATIONS:

Skills:

Required:

1. Proficient in related analysis and risk assessment tools.
2. SOX and GRC (governance, risk, and compliance) experience is a must.
3. Communication skills to relay results of analysis.
4. Ability to build strong relationships across various functions of Technology to be able to preemptively identify and communicate risks.

Certificates / Training:

Required:

1. IT, risk and security practices, standards and controls (e.g. COBIT, NIST-CSF, CIS-CSC, C2M2, CSOE, ITIL).

Preferred:

1. Certified Information Systems Auditor (CISA).

Experience:

1. 3+ years in IT security, risk, controls, audit and regulatory compliance.
2. Preferred: experience as an IT auditor or working with SOX regulatory requirements.

Education:

Required:

1. Bachelor’s in computer science, risk management, or related degree.

Principles & Related Competencies:

1. Ethical: Complies with policies and procedures; Takes the high road and upholds our values; Maintains confidentiality; Acts with integrity, honesty and respect.
2. Leader: Meets challenges head on to uphold quality standards, productivity goals, and values; Sets an example, building a culture of trust, transparency, and open communication; Is aligned with organizational direction.
3. Collaborative: Works cooperatively with others offers and accepts help; Freely shares information as appropriate; Open to and willing to provide feedback; Strong contributor to the team’s results; Celebrates the individual and the team; Ability to clearly communicate.
4. Looks Beyond Oneself: (Team Player) Demonstrates humility and willingness to recognize and give credit to others; Works well alongside people of different backgrounds and ideas; Builds good relationships with others; Values Distributors and teammates.
5. Drives Innovation: Add value through: Proposing ideas and creative solutions to employee, distributor and/or customer challenges; Listening to and respecting others ideas through collaborating and helping develop those suggestions; Driving ideas forward to implementation.
6. Delivers Change: Delivers Change Through: Adapting to different working environments; Responding positively to change including new duties and assignments.