Senior Security and Compliance Analyst

2 Months ago • 3 Years + • Cyber Security

About the job

Job Description

Morningstar seeks a Senior Security & Compliance Analyst with 3+ years of experience in infosec or governance. Responsibilities include RFP responses, risk & compliance analysis, third-party vendor reviews, and supporting compliance initiatives like SOX, SOC2, PCI-DSS, and SEC. Strong communication, organizational, and analytical skills are essential. Familiarity with security & resilience frameworks (ISO 27001, ISO 22301, NIST) and IT audits is required.
Must have:
  • Information Security
  • Security Governance
  • Risk & Compliance
  • IT Audits
Good to have:
  • Public Cloud
  • AWS Experience
  • Data Privacy
  • Resilience Planning
Perks:
  • Hybrid Work
  • Global Team

About the Role

• We are looking for new colleagues to join our Global Security, Privacy, and Resilience Services team.
• The goal of the team is to support the entire global Morningstar business, break down silos between the different functional areas, and improve customer service for internal stakeholders.
• While the role will cover several domains like Privacy, Compliance, Governance, Resilience (Business Continuity, IT Disaster Recovery), experience in all these areas is not required. The successful candidate will have knowledge and hands-on experience in a minimum of 2 of the above domains.

Job Responsibilities

• Respond to customer RFPs, RFIs, Resilience, Privacy, and Security questionnaires.
• Collect and analyze security metrics related to risk and compliance for presentation to senior management.
• Support Third Party Vendor Reviews for potential Security, Resilience, and Privacy risks.
• Work and communicate with a broad range of global employees and provide support for any interactions with the Security, Privacy, and Resilience teams.
• Work with business units and product teams to assist in completing Location Risk Assessments and IT Disaster Recovery Plans.
• Support Morningstar’s compliance-related responsibilities (SOX, SOC2, PCI-DSS, SEC) by managing the collection of audit evidence.
• Assist with documenting and regularly reviewing security, processes, and procedures.
• Training and Awareness – support training and awareness programs.
• Advise business partners on policies and standards.
• Respond to daily operational tickets following defined SOPs.

Qualifications

• A bachelor’s degree in computer science or related field.
• Strong communication skills.
• Verbal and written English skills at a professional level.
• Strong organizational skills and the ability to multitask and switch priorities with short notice.
• Familiarity with security and resilience frameworks (ISO 27001, ISO 22301, NIST, etc.) and general security and resilience concepts.
• Familiarity with IT audits and risk assessments.
• Understanding of enterprise-scale infrastructure, technologies, and applications, both on-premises and in the public cloud.
• Strong business analysis, research, and analytical skills.
• Enthusiasm to learn and gain hands-on experience across different domains.

Nice to have

Any of the skills below.
• Previous experience in information security and / or security governance (3+ years).
• Knowledge of public cloud technologies and principles, specifically AWS.
• Previous experience in Resilience, including Risk Assessments, Business Impact Analysis, Business Continuity and IT Disaster Recovery planning and testing (1+ years).
• Previous experience in Data Privacy (documenting privacy policies, processes and procedures, data privacy impact assessments, assessment of 3rd party risks, etc.) (1+ years).
• A certification in a relevant domain is a plus.

 

315_Sustainalytics SRL Legal Entity

Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.
