Lead Security Analyst

This role can sit near one of our Center's of Excellence located in:

Irving, TX

Fort Myers, FL

Arlington, VA

Stamford, CT

with flexible work arrangements, inlcuding a hybrid, virtual first model.

About Gartner IT:

Join a world-class team of skilled engineers who build creative digital solutions to support our colleagues and clients. We make a broad organizational impact by delivering cutting-edge technology solutions that power Gartner. Gartner IT values its culture of nonstop innovation, an outcome-driven approach to success, and the notion that great ideas can come from anyone on the team.

About the role

The Lead Security Analyst will be responsible for supporting Gartner's security control environment by managing risk associated with Information Technology, Information Security, Privacy, Regulatory Compliance and Governance. This individual will play an integral role in: (i) ensuring that policies, procedures and processes are well defined, documented and updated; (ii) working closely with Information Security partners, and technology stakeholders to audit/test controls; (iii) ensuring risks are identified and understood; and (iv) developing and tracking risk remediation plans across our various business units. This individual should have extensive experience with developing and implementing risk frameworks, understanding regulatory requirements, and assessing control compliance.

What you will do:

• Serve as a subject matter expert in risk management to ensure and monitor Gartner's compliance with Industry and Government regulatory rules and requirements across all major business units.
• Develop and revise Policies, Standards, Processes and Guidelines aligned to our key control families.
• Assess our control effectiveness and conduct control gap analysis against key Frameworks/Standards such as NIST, SOX, CMMC, ISO 27001, GDPR, etc.
• Track and monitor remediation and risk treatment plans.
• Develop testing routines and schedules for our key regulatory requirements.
• Understand and consider all relevant trade-offs required to manage different levels of risk tolerance and risk exposure across the organization and be able to communicate to responsible team members.
• Partner with internal Security Operations and Engineering to ensure risks are well understood and proposed countermeasures are effective at mitigating risk.
• Coordinate with technology, audit, ERM, and information security stakeholders to assess, implement, and monitor information security-related risks/threats.
• Support and advise business-led projects on information security-related risks and standards compliance.
• Lead efforts to implement and maintain security policies and remediation processes.
• Perform proactive technical research to detect emerging risks and threat trends.
• Understand "voice of the customer" and develop mechanisms to proactively sense adoption and usage patterns of current or emerging consumer technologies so that policy can align with need.
• Take ownership of assignments & drive them to completion.
• Work collaboratively across functional areas for innovation to turn new ideas into reality.
• Continuously improve our ability to identify, assess, prioritize and mitigate information security risks throughout the organization and come up with recommendations on how to integrate controls as part of standard operating procedures.
• Facilitate collaboration with other engineers, product managers, and leaders to incorporate security risk management across departments, minimize duplication of efforts, and ensure efficient execution.

What you will need:

• Bachelor's or master's degree in computer science, information systems, cybersecurity or a related field.
• 7-10 years of experience in Information Security and proven experience in Security Risk Management
• Proven communication, collaboration, and critical thinking skills.
• Ability to define and communicate risk in a business-relevant language and to non-technical audiences.
• Deep technical expertise in at least one additional area of Information Security.
• Experience with Information Security, Physical Security, Legal, and other IT processes and functions.
• Experience with implementing national and international regulatory compliances and frameworks such
• as NIST Cyber Security Framework, CMMC, ISO, SOX, GDPR, etc.
• Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27013, NIST 800-53.
• Have a knack for finding flaws in processes and can efficiently communicate how to fix them.
• Proven ability to communicate and educate Engineering and Architecture teams as to why Information Security is an important function to the business.
• Ability to think like a bad actor and use that context to develop threat models.
• Full-stack knowledge of IT infrastructure:
  • Applications
  • Databases
  • Operating systems (Windows, Unix and Linux)
  • Hypervisors
  • IP networks (WAN, LAN)
• Understanding and working experience with cloud / server / container / vulnerability security tools
• Preferred skills in Microsoft Office, JIRA, and Confluence
• The Lead Security Analyst will evidence his or her knowledge of Security Risk Management through ongoing continuing professional education. The ideal candidate will maintain one or more of the following certifications. CISSP, CISA, CRISC, CCSP, AWS or Azure Security.

#LI-RG2

Who are we?

Gartner delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization's most critical priorities. We've grown exponentially since our founding in 1979 and we're proud to have nearly 16,000 associates globally that support our 14,000+ clients in more than 100 countries.

What makes Gartner a great place to work?

Our teams are composed of individuals from different geographies, cultures, religions, ethnicities, races, genders, sexual orientations, abilities and generations. We believe that a variety of experiences makes us stronger-as individuals, as communities and as an organization. That's why we're recognized worldwide as a great place to work year after year. We've been recognized by Fortune as one of the World's Most Admired Companies, named a Best Place to Work for LGBTQ Equality by the Human Rights Campaign Corporate Equality Index and a Best Place to Work for Disability Inclusion by the Disability Equality Index. Looking for a place to turn your big ideas into reality? Join #LifeAtGartner

What we offer:

Our people are our most valuable asset, so we invest in them from Day 1. When you join our team, you'll have access to a vast array of benefits to help you live your life well. These resources are designed to support your physical, financial and emotional well-being. We encourage continued personal and professional growth through ongoing learning and development opportunities. Our employee resource groups, charity match and volunteer programs keep you connected to your internal Gartner community and causes that matter to you.

The policy of Gartner is to provide equal employment opportunities to all applicants and employees without regard to race, color, creed, religion, sex, sexual orientation, gender identity, marital status, citizenship status, age, national origin, ancestry, disability, veteran status, or any other legally protected status and to affirmatively seek to advance the principles of equal employment opportunity.

Gartner is committed to being an Equal Opportunity Employer and offers opportunities to all job seekers, including job seekers with disabilities. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company's career webpage as a result of your disability. You may request reasonable accommodations by calling Human Resources at +1 (203) 964-0096 or by sending an email to [email protected].

Job Requisition ID:72943

By submitting your information and application, you confirm that you have read and agree to the country or regional recruitment notice linked below applicable to your place of residence.

Gartner Applicant Privacy Link: https://jobs.gartner.com/applicant-privacy-policy

For efficient navigation through the application, please only use the back button within the application, not the back arrow within your browser.