Compliance Analyst

This position is responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards, both internal and global like: IATF 16949, NIS2, ISO 27001 or NIST. In carrying out these functions, the analyst’s responsibilities include the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks. The position reports to the Senior IT Compliance Manager of the company.

Key Responsibilities

• Design, coordinate and execute audit process e.g., NIS2 or ISO27001, monitoring and procedures to assess and measure company information security risks and compliance with its security policies and procedures.
• Monitor advancements in information privacy laws and global frameworks e.g., TISAX, ISO, NIST or COBIT to ensure organizational adaptation and compliance.
• Develop, recommend, and establish controls and processes as necessary to protect Tenneco information assets against unauthorized or accidental modification, destruction, or disclosure.
• Creating and coordinating proper reporting channels for compliance issues.
• Developing compliance communications with Tenneco’s Business Units.
• Coordinating required compliance training for employees.
• Provide consulting and technical support services to owners, custodians, and users in defining and deploying cost-effective security controls and protections.
• Document, maintain, and obtain ongoing support for all aspects of the ISMS program.
• Monitor the effectiveness of strategies, activities, measures, and controls designed to protect the Tenneco information assets.
• Serve as Tenneco internal and external point of contact for information security matters regarding information security topics.
• Participate in the Information Security policies lifecycle process, necessary to ensure the security of information and information resources against unauthorized or accidental modification, destruction, or disclosure.

What will make you successful

• Bachelor's degree in computer science, information technology, computer engineering, or a related field.
• CISSP, CISM or ITIL,  ISO27001 Internal/Lead Auditor certifications are preferred
• Experience in implementing and managing information security programs or projects, including KRI creation and maintenance
• Desirable 2 + years of relevant Information Security experience in any organization with background covering design, risk, compliance, governance.
• Excellent communication, organization time management and problem-solving skills
• Exceptional track record of building relationships with stakeholders
• Strong multi-tasking skills with the ability to manage multiple projects
• Ability to function as a Team Player and maintain a good working relationship, yet think and act independently with professionalism, discretion and confidentiality
• Excellent communication, organization time management and problem-solving skills

#LI-AG