Senior Security Analyst

About The Role

We are looking for a colleague to join our Global Security, Privacy, and Resilience Services team. The goal of the team is to support the entire global Morningstar business, break down silos between the different functional areas, and improve customer service for internal stakeholders. The role will cover several domains like IT Compliance, Governance, Resilience (Business Continuity, IT Disaster Recovery), Information Security, Privacy. The successful candidate will have knowledge and hands-on experience in a minimum of 2 of the above domains.

Job Responsibilities

• Respond to customer Resilience, Privacy, and Security questionnaires.
• Perform Third Party Vendor Reviews for potential Security, Resilience, and Privacy risks.
• Work and communicate with broad range of global employees and provide support for any interactions with the Security, Privacy, and Resilience teams.
• Work with business units and product teams to assist in completing Business Continuity and IT Disaster Recovery Plans.
• Support Morningstar's compliance related responsibilities (SOX, SOC2, PCI-DSS, SEC) by managing collection of audit evidence.
• Support application security related processes.
• Assist with documenting and regularly reviewing security processes and procedures.
• Training and Awareness – support training and awareness programs.
• Advise business partners, on policies and standards.
• Respond to daily operational tickets following defined SOPs.
• Train, mentor and guide junior colleagues.

Qualifications

• A bachelor's degree in computer science or related field.
• Strong communication skills.
• Verbal and written English skills at a professional level.
• Strong organizational skills and the ability to multitask and switch priorities with short notice.
• Previous experience in information security (3+ years).
• Familiarity with security and resilience frameworks (ISO 27001, ISO 22301, NIST, etc.) and general security and resilience concepts.
• Familiarity with IT audits and risk assessments.
• Understanding of enterprise-scale infrastructure, technologies, and applications, both on-premises and in the public cloud.
• Strong business analysis, research, and analytical skills.
• Enthusiasm to learn and gain hands-on experience across different domains.

Nice to have

Any of the skills below:

• Previous experience in Resilience, including Risk Assessments, Business Impact Analysis, Business Continuity and IT Disaster Recovery planning and testing (1+ years).
• Previous experience in Data Privacy (documenting privacy policies, processes and procedure, Data privacy impact assessments, assessment of 3rd party risks, etc. (1+ years).

Work Environment

Morningstar's hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We've found that we're at our best when we're purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.