Title:  Sr Analyst 3rd Party Risk

Requisition Id:  34150
Job Function:  Information Systems
Career Area:  Corporate Jobs
Work Location:  Bannockburn 1 - 2355 (CORP)

About Us:

Stericycle is a U.S. based business-to-business services company and leading provider of compliance-based solutions that protects people and brands, promotes health and well-being, and safeguards the environment. Since our founding over 30 years ago, we have grown from a small start-up in medical waste management into a leader across a range of increasingly complex and highly regulated arenas, serving healthcare organizations and commercial businesses of every size. Every day, we help our customers solve complex challenges by safely managing materials that could otherwise spread disease, contaminate the environment, or compromise one’s identity.

Join us on our mission to protect health and well-being in a safe, responsible, and sustainable way.

Position Purpose:

The Cybersecurity Risk Management Analyst will lead and support activities identifying, measuring, reporting, and treating cyber risks both internally within Stericycle and externally with partners, vendors, and customers. This position works across a diverse landscape of Stericycle, its customers, and third parties to support and mature the cybersecurity risk management / treatment program. This role reports to the Director Global IT Security and will actively collaborate with Legal, IT, HR, Commercial, and Operations functions. This is a hybrid position based in Bannockburn, IL.

Key Job Activities:

  • Build relationships, advocate, and consult to different Stericycle functional and business stakeholder groups on areas of cybersecurity.
  • Lead response activities for customer cyber due diligence / questionnaire requests. 
  • Lead vendor cyber risk management capability.
  • Support development and lead revision of Stericycle security policy, procedure, and standard portfolio. 
  • Support the security assessment program and perform internal and external security assessments, making recommendations on next-step actions.
  • Work with teams across operations, security, GRC, and IT to build / update security metric reporting and leadership dashboards.
  • Lead risk register, risk treatment, and risk reporting process.
  • Assist with incident response or event management as needed. This may include occasional involvement outside of regular work hours and responsiveness is expected.
  • Perform other duties and responsibilities, as assigned.

Education:

Preferred Education: Bachelor's Degree

Experience (North America):

  • Preferably 7+ years’ experience in information technology with a focus on cybersecurity, including governance, 3rd party risk, compliance, and cyber risk management.
  • Knowledge and demonstrable experience utilizing / assessing against common security and controls frameworks: NIST CSF, NIST 800-53, NIST 800-37, ISO27001, CIS Controls (or equivalent).
  • Knowledge and demonstrable experience utilizing common risk management tools: Archer, ServiceNow IRM, MetricStream, or similar.
  • Experience supporting risk management processes including risk register, treatment, and reporting.
  • Experience (5+ years) performing cyber risk assessments.
  • Demonstrable experience in supporting security metric and risk reporting programs.
  • Great communicator that can articulate complex risk concepts to both technical and non-technical audiences. 
  • Great listener that can capture and understand stakeholder requirements to translate into security controls.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
  • CISSP and CRISC Certifications preferred.

Benefits:

Stericycle currently offers its employees the option to participate in a full range of benefits, including a health care program which includes medical, dental, vision and prescription coverage, healthcare and dependent care flexible spending accounts, life and accidental death and dismemberment insurance, an employee assistance program, tuition reimbursement, paid vacation and sick time, a 401(k) plan, and an employee stock purchase plan. Participation in some programs requires that employees be regularly scheduled to work a minimum number of hours and/or to have fulfilled a waiting period after they begin employment with Stericycle.

Our Promise:

Stericycle is committed to attracting and retaining a diverse workforce, and to valuing unique perspectives and identities. We foster a culture of belonging that encourages, supports, and celebrates the diverse voices of our team members. It fuels our innovation and strengthens our connection to our customers and the communities we serve. We are proud to be an equal opportunity employer. All employment is decided on the basis of qualifications, merit, and business need.

Disclaimer:

The above description is meant to provide a summary of the nature and level of work being performed; it should not be construed as an exhaustive list of all responsibilities, duties and requirements of the job. This document does not create an employment contract, implied or otherwise, and it does not constitute any right or guarantee of employment condition. This position is open to people with disabilities. Stericycle will consider requests for workplace accommodations for protected physical or mental limitations in accordance with its human resources and risks prevention policies and local laws. To the extent permissible under local law, and consistent with business necessity, Stericycle reserves the right to modify the content formally or informally, either verbally or in writing, at any time with or without advance notice.


Nearest Major Market: Chicago