Senior Security and Compliance Analyst

About the Role

• We are looking for new colleagues to join our Global Security, Privacy, and Resilience Services team.
• The goal of the team is to support the entire global Morningstar business, break down silos between the different functional areas, and improve customer service for internal stakeholders.
• While the role will cover several domains like Privacy, Compliance, Governance, Resilience (Business Continuity, IT Disaster Recovery), experience in all these areas is not required. The successful candidate will have knowledge and hands-on experience in a minimum of 2 of the above domains.

Job Responsibilities

• Respond to customer RFP’s, RFI’s, Resilience, Privacy, and Security questionnaires.
• Collect and analyze security metrics related to risk and compliance for presentation to senior management.
• Support Third Party Vendor Reviews for potential Security, Resilience, and Privacy risks.
• Work and communicate with broad range of global employees and provide support for any interactions with the Security, Privacy, and Resilience teams.
• Work with business units and product teams to assist in completing Location Risk Assessments and IT Disaster Recovery Plans.
• Support Morningstar’s compliance related responsibilities (SOX, SOC2, PCI-DSS, SEC) by managing collection of audit evidence.
• Assist with documenting and regularly reviewing security, processes, and procedures.
• Training and Awareness – support training and awareness programs
• Advise business partners, on policies and standards.
• Respond to daily operational tickets following defined SOPs.

Qualifications

• A bachelor’s degree in computer science or related field.
• Strong communication skills.
• Verbal and written English skills at a professional level.
• Strong organizational skills and the ability to multitask and switch priorities with short notice.
• Familiarity with security and resilience frameworks (ISO 27001, ISO 22301, NIST, etc.) and general security and resilience concepts.
• Familiarity with IT audits and risk assessments.
• Understanding of enterprise-scale infrastructure, technologies, and applications, both on-premises and in the public cloud.
• Strong business analysis, research, and analytical skills.
• Enthusiasm to learn and gain hands-on experience across different domains.

Nice to have

Any of the skills below.
• Previous experience in information security and / or security governance (3+ years).
• Knowledge of public cloud technologies and principles, specifically AWS.
• Previous experience in Resilience, including Risk Assessments, Business Impact Analysis, Business Continuity and IT Disaster Recovery planning and testing (1+ years).
• Previous experience in Data Privacy (documenting privacy policies, processes and procedure, Data privacy impact assessments, assessment of 3rd party risks, etc. (1+ years).
• A certification in a relevant domain is a plus.

Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.