Prologis Management LLC Senior Analyst, IT Governance, Risk, And Compliance (GRC) in Denver, Colorado

Prologis, Inc. is the global leader in logistics real estate. In partnership with our customers and our communities, we develop modern, high-quality properties that set the standard for innovative building design and sustainability. Prologis owns or has investments in properties and development projects of 1.2 billion square feet in 19 countries and enables 2.8% of the world's GDP. We have committed to achieve net zero emissions by 2040. Beyond real estate, our Essentials platform optimizes the company's global asset portfolio to provide our customers solutions that address today's warehouse and shipping challenges. Prologis Ventures invests in logistics innovation and technology companies to modernize supply chains worldwide.

Job Title: Senior Analyst, IT Governance, Risk, and Compliance (GRC)

Company: Prologis

Job Description

A day in the life

The IT Governance, Risk, and Compliance (GRC) Analyst will assist with maturing the IT GRC function at Prologis by supporting the assessment and mitigation of key risks in the Prologis environment. The person in this role will work closely with individuals across the organization to understand business needs and recommend and implement new or enhanced requirements/controls. This role resides within the IT Governance team.

Key responsibilities include:

Governance Management

  • Deliver training that meets compliance needs and educates Prologis users on policies, risks and best practices (New Hire Orientation, Privilege User Access, Annual Security trainings and Cybersecurity Awareness Month activities)
  • Develop/update new and existing IT policies and procedures
  • Assist with implementing and communicating IT policies and procedures
  • Support and enhance IT policies and processes for data security and privacy

Risk Management

  • Perform IT risk assessments and recommend risk mitigation strategies

  • Assist with development and management of insider threat risk mitigation controls
  • Assist with legal hold, eDiscovery, and inter-department data security investigations
  • Assist with maturing and managing third-party risk assessments
  • Identify recurring problems and risks and recommend proactive measures to eliminate them

Compliance Management

  • Perform annual maintenance and audit of NIST Cybersecurity Framework (NIST CSF) across organization

  • Assist with implementing controls consistent with NIST CSF

  • Maintain awareness of laws, rules, and regulations governing IT risk, compliance, audit, privacy, and security in the Prologis environment
  • Incorporate global privacy laws and regulations (e.g. GDPR) for the markets in which Prologis operates
  • Provide assistance with regulatory and risk management activities across IT functional areas
  • Work with IT and business teams to ensure systems and application compliance
  • Assist with IT SOX Audit

Additional Activities

  • Contribute to creation and maintenance of the evolving GRC roadmap

  • Use market research, stakeholder feedback, and analytic data to understand business needs and identify new requirements

  • Remain current on emerging security and privacy risks (current and upcoming privacy legislation), trends, and technologies and share key findings with team
  • Implement and mature GRC software
  • Support projects focusing on control processes, documentation, and compliance routine

Building blocks for success

Required:

  • 3+ years of experience in IT GRC, IT security, privacy and/or IT audit role
  • Experience with GRC tools/software
  • Experience working with the NIST CSF, HIPAA Privacy & Security rule, GDPR, other international and US state privacy laws
  • Experience with reporting and presentation tools (e.g. MS Excel, MS PowerPoint and others)

Preferred:

  • Bachelor's degree in Information Security, Risk Management, Business or a related field

  • Professional certification(s) related to information security or information risk management (e.g. CISA, CRISC, CIPP/US/EU) or ability to acquire within 12 months of employment
  • Experience in producing efficiency through security control consolidation and mapping across various standards and frameworks
  • Experience in designing security controls that span multiple standards and frameworks
  • Strong understanding of eDiscovery searching capability
  • Meticulous attention to detail and accuracy
  • Excellent analytical, problem-solving and decision-making skills