Security Analyst

This job is with Morningstar, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.
About The Role
We are looking for new colleagues to join our Global Security, Privacy, and Resilience Services team.

The goal of the team is to support the entire global Morningstar business, break down silos between the different functional areas, and improve customer service for internal stakeholders.

While the role will cover several domains like Privacy, Compliance, Governance, Resilience (Business Continuity, IT Disaster Recovery), experience in all these areas is not required. The successful candidate will have knowledge and hands-on experience in a minimum of 2 of the above domains.

Job Responsibilities

• Respond to customer RFP's, RFI's, Resilience, Privacy, and Security questionnaires.
• Collect and analyze security metrics related to risk and compliance for presentation to senior management.
• Support Third Party Vendor Reviews for potential Security, Resilience, and Privacy risks.
• Work and communicate with broad range of global employees and provide support for any interactions with the Security, Privacy, and Resilience teams.
• Work with business units and product teams to assist in completing Location Risk Assessments and IT Disaster Recovery Plans.
• Support Morningstar's compliance related responsibilities (SOX, SOC2, PCI-DSS, SEC) by managing collection of audit evidence.
• Assist with documenting and regularly reviewing security, processes, and procedures.
• Training and Awareness - support training and awareness programs
• Advise business partners, on policies and standards.
• Perform analysis on potential incidents submitted through the ticketing system to determine potential severity and if escalation is appropriate.
• Respond to daily operational tickets following defined SOPs.
• Track vulnerability tickets to closure, providing guidance, and escalation where necessary.

Qualifications

• A bachelor's degree in computer science or related field.
• Strong communication skills.
• Verbal and written English skills at a professional level.
• Strong organizational skills and the ability to multitask and switch priorities with short notice.
• Familiarity with security and resilience frameworks (ISO 27001, ISO 22301, NIST, etc.) and general security and resilience concepts.
• Familiarity with IT audits and risk assessments.
• Understanding of enterprise-scale infrastructure, technologies, and applications, both on-premises and in the public cloud.
• Strong business analysis, research, and analytical skills.
• Enthusiasm to learn and gain hands-on experience across different domains.

Nice to have
(any of the skills below)

• Previous experience in information security.
• Knowledge of public cloud technologies and principles, specifically AWS.
• Previous experience in Resilience, including Risk Assessments, Business Impact Analysis, Business Continuity and IT Disaster Recovery planning and testing.
• Previous experience in Data Privacy (documenting privacy policies, processes and procedure, Data privacy impact assessments, assessment of 3rd party risks etc.
• A certification in a relevant domain.

Morningstar's hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We've found that we're at our best when we're purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.

315_Sustainalytics SRL Legal Entity