The Senior Information Risk and Compliance Analyst is responsible for supporting the Information Security and Compliance Department on all information security and compliance-related policies, standards, and practices across Sirius XM.
Duties and Responsibilities:
Supports the organization's Information Risk and Compliance programs, including SOX, PCI, ISO, and other programs, by conducting control testing, risk mitigation and evidence validation, and remediation tracking in accordance with COBIT, ISO, and regulatory standards and policies; reports issues and operational loss events.
Reviews and monitors the development, implementation, and maintenance of projects and plans related to information security and information security administration that support Information Risk and Compliance activities. Consults on the design and implementation of security features and protocols through the configuration and change management process, identifies information security gaps, requirements, and impacts resulting from system changes and/or modifications, and assists with remediation activities.
Performs information security risk analyses for the corporate network infrastructure, including telematics and other advanced technology environments, by conducting threat and vulnerability assessments and analyzing threats and vulnerabilities to determine organizational impact and risk mitigation strategies, assisting the organization in protecting information systems and other resources from known and potential threats.
Partners with Information Security leads throughout the enterprise to identify information security risks, classify and prioritize those risks, implement controls to reduce or eliminate risks, and ensure adherence to corporate information security policies and standards; assists in conducting software security assessments and security and vulnerability assessments.
Acts as the subject matter expert on legal and regulatory requirements as they pertain to SOX, PCI, information security, information risk, privacy, and other applicable laws and standards, and works to align internal and external processes and procedures to these requirements. Monitors activities of assigned area(s) within the enterprise to ensure compliance with applicable internal control policies and procedures and external laws and regulations.
Designs and manages the Vendor Information Risk Management Program, including maintaining an inventory of third parties who have access to the information technology environments, conducting security and compliance due diligence reviews, and maintaining compliance documentation.
Bachelor's degree or equivalent, relevant experience.
Minimum of 5 years of experience in risk and compliance.
Requirements and General Skills:
Ability to work with the development, integration, and infrastructure teams in implementing security controls.
Ability to articulate vulnerability and security risk based on technical security posture.
Ability to support the development of an information security system-level plan of action and milestones.
Experience working on complex systems in the security engineering or other system-related role including systems architecture, requirements analysis, integration, and process execution and evaluation.
Good public speaking and presentation skills.
Interpersonal skills and ability to interact and work with staff at all levels.
Excellent written and verbal communication skills.
Ability to work independently and in a team environment.
Ability to pay attention to details and be organized.
Ability to project professionalism over the phone and in person.
Commitment to "internal client" and customer service principles.
Willingness to take initiative and to follow through on projects.
Spelling, grammar, proofreading and editing skills.
Creative writing ability.
Ability to travel when required.
Excellent time management skills, with the ability to prioritize and multi-task, and work under shifting deadlines in a fast-paced environment.
Must have legal right to work in the U.S.
Knowledge of industry standards and best practices for IT audit -- COBIT, COSO Framework, SSAE 16.
Knowledge of industry standards and best practices for IT security -- ISO 27001/27002.
Thorough knowledge of MS-Office Suite (Word, Excel, PowerPoint, Access).
Fundamental understanding of risk-based information security management, as well as knowledge of applicable regulations, standards, and guidelines pertaining to information assurance (FIPS, NIST, ISO Standards).
Experience in PCI, ISO, and SOX.
Experience in vendor risk management.
Experience in information security and risk policy and standards development.
CISA, CISSP, or CRISC required.
As an EEO/Affirmative Action Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.
Internal Number: 18-630
About Sirius XM Radio Inc.
Sirius XM Holdings Inc. is the largest radio company measured by revenue and has approximately 32.7 million subscribers.
SiriusXM’s 200+ channels of world-class audio entertainment include Howard Stern; commercial-free, curated music channels representing many decades and genres from rock to pop, country, hip hop, classical, Latin, electronic dance, jazz, heavy metal and more; exclusive artist-branded channels; and concept-based channels. SiriusXM’s programming includes news from respected national outlets and a broad range of in-depth talk, comedy and entertainment. SiriusXM is also the ultimate destination for sports fans, offering listeners live games and events from the NFL, MLB®, NASCAR®, NBA, NHL®, PGA TOUR®, soccer, and college sports, as well as news, analysis and opinions from more than a dozen dedicated sports talk channels.
SiriusXM comes installed in new vehicles from every major car company in the U.S. and is available in a fast-growing number of pre-owned vehicles.
SiriusXM is also available in the home, office or on the go with the SiriusXM app and on connected devices including smart TVs, Amazon Alexa devices, Apple TV, Roku, Sonos sound systems and Sony ...Playstation. By streaming SiriusXM, listeners also get access to thousands of hours of programming on SiriusXM On Demand.
SiriusXM is a provider of connected vehicle services that give customers access to a suite of safety, security and convenience services including automatic crash notification, stolen vehicle recovery assistance, enhanced roadside assistance and turn-by-turn navigation. SiriusXM provides premium traffic, weather, data and information services for subscribers through SiriusXM Traffic™, SiriusXM Travel Link, NavTraffic® and Nav Weather™. SiriusXM delivers weather, data and information services to aircraft and boats through SiriusXM Aviation™ and SiriusXM Marine™.