IT Security Compliance Analyst


  • Gurgaon, Haryana
  • Permanent
  • Full-time
  • 1 month ago
Donaldson is committed to solving the world’s most complex filtration challenges. Employing innovation and breakthrough solutions, we are advancing filtration for a cleaner world. We look for the best people to help us succeed, offering opportunities to learn, effect change, and make meaningful contributions at work and in our communities. This is a place where you can make a world of difference.

PURPOSE/SUMMARY related to IT and Information Security governance, risk and compliance through the following:
  • Ensuring the appropriate treatment of risk, compliance, and assurance from internal and external perspectives, regulatory requirements, and standards (SOX, NIST 800-171 DoD DFARS, PCI DSS, GDPR, CCPA, internal and external audits and assessments)
  • Coordinating with global cross-functional teams on the day-to-day operational activities needed to support the Security Governance, Risk and Compliance program, including analyzing internal and external IT processes and proposing solutions, including any mitigating/compensating controls for deficiencies
  • Creating and reviewing IT/Security policies, standards and processes
  • Creating, distributing and tracking information security training programs and phishing campaigns
  • Performing information security reviews of new and existing vendors, suppliers, partners and clients
  • Creating, distributing and tracking information security risk assessments
  • Drafting and presenting reports and metrics to IT, Security and business management

Risk Management
  • Maintain risk management initiatives and/or assessments in a Governance, Risk and Compliance (GRC) platform
  • Ability to assess, rate, and prioritize security risks against industry standards and regulatory requirements
  • Compile information security and compliance risks to report and communicate to leadership and ensure proper awareness
  • Researches general and industry-specific security risk trends
  • Collaborates with privacy staff in supporting privacy compliance, governance, policies, data classification, and incident response needs
IT/Security Policy
  • Assist with development and maintenance of information security policies, procedures, standards and guidelines based on industry standards, best practices and compliance requirements
  • Update and publish organization-wide security policies, procedures, standards and guidelines
  • Facilitate the policy exception management process by tracking exceptions, evaluating associated risks by working with the other information security staff, and coordinating communication with the risk owner
Vendor Management
  • Lead information security reviews of vendors and suppliers
  • Execute vendor security assessments, review attestations including SOC2 reports, identify efficiency opportunities, partner with the legal team on contract provisions relating to security, champion process maturation initiatives, and improve metrics and reporting related to vendor management
IT Audit Support
  • Works closely with internal and external auditors during SOX testing and other audits
  • Facilitates requests by auditors for supporting evidence from Donaldson personnel
  • Oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information systems meet the organization's cybersecurity and risk requirements
  • Places findings into the Governance, Risk and Compliance (GRC) platform with remediation follow-up
IT/Security Risk Assessments
  • Facilitate the information security risk management program by identifying areas most in need of risk assessment, coordinating risk assessments, creating assessment reports, and performing remediation tracking and follow-up activities
  • Test and collect evidence that controls are designed and operating effectively
  • Assist in mapping out compliance with requirements, including internal policies, procedures, standards and guidelines
IT Security Awareness Training
  • Assists in the building of training content
  • Conducts training of personnel within pertinent subject domains
  • Develops, plans, coordinates, delivers and/or evaluates training courses, methods, and techniques as appropriate
  • Assists in the creation and administration of email phishing campaigns
  • Gathers data related to training completion and follows up on it to ensure full participation
  • Communicates accurately, efficiently and effectively, both internally and externally
  • Train IT staff and business users on IT policies and processes
  • Potential to visit Donaldson locations
  • Develops KPIs for communication to IT management
Come make a World of Difference!

Employment opportunities for positions in the United States may require use of information which is subject to the export control regulations of the United States. Hiring decisions for such positions are required by law to be made in compliance with these regulations. Applicants for employment opportunities in other countries must be able to meet the comparable export control requirements of that country and of the United States.

Our policy is to provide equal employment opportunities to all qualified persons without regard to race, gender, color, disability, national origin, age, religion, union affiliation, sexual orientation, veteran status, citizenship, gender identity and/or expression, or other status protected by law.

