Sr Analyst, Third Party ComplianceBusinesses UNITED TECHNOLOGIES CORP. HEADQUARTERS Job ID 77554BR Date posted 11/30/2018 City Remote City State North Carolina Country US
With revenues of approximately $57 billion, United Technologies Corporation (UTC) is a Fortune 50 company that provides high technology products and services for the aerospace and commercial building industries. Our aerospace businesses include Pratt & Whitney and UTC Aerospace Systems. Pratt & Whitney is a world leader in the design, manufacture and service of aircraft engines. UTC Aerospace Systems is one of the world’s largest suppliers of technologically advanced aerospace and defense products.
Our commercial building businesses include Otis Elevator and Climate, Controls & Security. Otis is the world’s largest manufacturer and maintainer of people-moving products, including elevators, escalators and moving walkways. UTC Climate, Controls & Security is a leading provider of heating, air conditioning and refrigeration systems, building controls and automation, and fire and security systems. These companies are leading to safer, smarter, sustainable and high-performance buildings.
Ranked among the world’s greenest companies, we do business in virtually every country of the world and have over 196,000 employees globally.
United Technologies Corporate headquarters is seeking an experienced and motivated individual to join the Corporate Digital staff to support the Third Party Risk program.
The Third Party Risk Program is responsible for helping to safeguard the company's assets, intellectual property, and computer systems in support of the company's business objectives. The applicant will be responsible for helping to assess the potential risk of engaging and maintaining relationships with third parties, researching and mitigating potential impacts to the organization, and communicating the risks to senior team members. The applicant will work to identify, understand and address security control compliance risks as applicable to the organization due to third party relationships. The focus of this role is working within the UTC Cybersecurity department reporting to the 3rd Party Risk Program Lead.
- Coordinate and execute Third Party IT Security gap analysis, to ensure alignment to accepted frameworks, industry best practices and contract terms and conditions, and provide practical recommendations to remediate 3rd Party’s control deficiencies
- Prepare and present IT audit findings to a cross-functional audience, synthesizing compliance themes and root cause of deficiencies
- Engage business units and third party suppliers to remediate control deficiencies as well as to formalize risk mitigation and ownership
- Coordinate with the GRC team to assess, review and maintain UTC Digital Polices, Standards and Procedures as it relates to 3rd Parties
- Assist with security controls reviews for 3rd parties engaged by UTC, to identify external risks and validate compliance to industry accepted standards
US Citizen or US Person required.
Required experience and skills:
- 4-6 years of Information Security experience, preferred experience in risk and compliance domains
- Understanding of fundamental Information Security and network concepts (data flow models, architecture models, security controls, etc.)
- Demonstrated analytic expertise – to include ability to think critically and logically in a dynamic, high-pressure, fast-paced environment
- Excellent written and oral communication skills
Desired experience and skills:
- Experience writing, reviewing and validating Policy, Standards and Procedures documents
- Experience reviewing and validating Master Agreement and Contract language from a Security Risk perspective
- Experience supporting network security reviews, and validating audit and compliance reviews (SOC1, SOC2 etc.)
- Security certifications (e.g., Security+, CISA, CISSP, CRISC, etc.)
Bachelor’s Degree, with area of study in Computer Science, Computer Engineering, or related discipline(s) preferred. Master’s Degree preferred or not required
United Technologies Corporation is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.