About the role: The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: The Information Security Team is looking for a Senior IT Risk and Compliance Analyst to join the Governance, Risk and Compliance Team. The Senior IT Risk and Compliance Analyst will be serve a key role in growing the Information Security Team's third party vendor risk management program. This individual will serve as a subject matter expert for third party vendor risk management, perform third party risk management reviews, help expand the program's capabilities, help increase participation in the program and drive process improvements.
This position is based in our Chicago office.
Job responsibilities:
- Execute vendor risk assessments
- Serve as a subject matter expert for security vendor risk management
- Collaborate with the procurement department and other internal stakeholders to improve and expand the vendor risk management program
- Review third party security documents (SOC2, security policies, data flow diagrams, etc.)
- Perform contract reviews of proposed changes to security requirements in our third party contracts
- Liaise with third party vendors as required
Qualifications:
- A bachelor's degree and 5+ years' experience in a vendor risk or compliance related role
- Experience serving performing security vendor due diligence reviews
- Experience performing contract review of security terms
- Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR etc.)
- Familiarity with security frameworks (ISO 27001, NIST, etc.) and general security concepts
- Strong organizational skills and the ability to multitask and switch priorities with short notice
- Strong business analysis, research and analytical skills
- Excellent communication skills
001_MstarInc Morningstar Inc. Legal Entity
Morningstar's hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We've found that we're at our best when we're purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
What the Team is Saying
What We Do
At Morningstar, we believe in building great products in-house in a highly collaborative, agile environment where we focus on technical excellence, the user experience, and continuous improvement. Our technologists represent a range of skills and experience levels, but they all view their work as a craft and push technology’s boundaries.
Why Work With Us
Imagining big things is in our blood -- it's transformed us from a company with just a few employees in 1984 to a leading independent investment research company with a worldwide presence today. As of April 2020, we acquired Sustainalytics to drive long-term meaningful outcomes for investors in the ESG space. Join us on this exciting journey!
Gallery
Morningstar Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
