Information Risk Analyst

Who We Are:

Since 1906, New Balance has empowered people through sport and craftsmanship to create positive change in communities around the world. We innovate fearlessly, guided by our core values and driven by the belief that conventions were meant to be challenged. We foster a culture in which every associate feels welcomed and respected, where leaders and creatives are inspired to shape the world of tomorrow by taking bold action today.

JOB MISSION:

As a member of the New Balance Information Security team, the Information Security Risk Analyst will primarily support New Balance's Third-Party Risk Management program and report to a team lead in North America. This role involves conducting third-party risk assessments, managing New Balance compliance program, and collaborating with various stakeholders to mitigate risks in a complex global retail, manufacturing, and logistics environment to protect our brand reputation, company assets, associates, and customers from threats.

MAJOR ACCOUNTABILITIES:

• Third-Party Risk Assessments:Conduct comprehensive risk assessments for third-party vendors to ensure compliance with internal New Balance standards as well as PCI DSS, CTPAT, and NIST CSF requirements.
• Compliance Management:Develop, implement, and maintain third-party compliance program/s. Ensure all policies and procedures are up-to-date and in line with regulatory and established internal New Balance security standards and compliance requirements.
• Vendor Due Diligence:Perform due diligence on new and existing vendors, including reviewing security assessment artifacts, privacy policies, and compliance documentation.
• Audit Support:Prepare for and facilitate internal and external audits related to third-party risk management. Provide necessary documentation and evidence to internal and external auditors.
• Policy Development:Support the creation and updates of New Balance policies and procedures related to third-party risk management to ensure compliance with relevant standards.
• Training and Awareness:Conduct training sessions and awareness programs for New Balance associates to ensure understanding and adherence to compliance requirements.
• Incident Response and Disaster Recovery:Assist in the development and execution of incident response and disaster recovery plans involving third-party vendors. Investigate, report, and respond to security incidents in a timely manner.
• Reporting:Generate regular reports on third-party compliance status, risk assessments, and risk findings. Present findings to senior management and recommend corrective actions.
• Collaboration:Work closely with New Balance Legal, Privacy, IT, Enterprise Risk Management Audit teams, and other departments to ensure a cohesive approach to third-party risk management and compliance.

REQUIREMENTS FOR SUCCESS

• Education:Bachelor's degree in information security, Computer Science, or a related field or equivalent experience.
• Experience:Minimum of ~3 years combination experience in retail, manufacturing, and logistics risk management, compliance, or a related role, with a strong understanding of third-party risk assessment methodologies, vendor management lifecycle, and relevant regulatory requirements.
• Certifications:Relevant certifications such as CRISC, CTPRP, CTPRA, CISA, CISSP, or CISM are preferred.
• Self-starter, ability to independently work and prioritize tasks.
• Excellent analytical, communication, and multiple project management skills.
• Strong understanding of regulatory requirements.
• Effective development of risk mitigation strategies, applying controls, developing and consulting on compensating controls.
• Experience with technology and compliance frameworks such as PCI DSS, CTPAT, NIST CSF, ISO 27001, SOC 2.
• Proficiency with using TPRM/GRC tools and software.
• Evaluation and administration of tools and technologies to support New Balance Information Security programs.
• Familiarity with identity and access management (IAM) solutions, information security tools and processes.
• Ability to communicate with technical and non-technical audiences.

Regular Associate Benefits

Our products are only as good as the people we hire, so we make sure to hire the best and treat them accordingly. New Balance offers a comprehensive traditional benefits package including three options for medical insurance as well as dental, vision, life insurance and 401K. We also proudly offer a slate of more nontraditional perks - opportunities like online learning and development courses, tuition reimbursement, $100 monthly student loan support and various mentorship programs - that encourage our associates to grow personally as they develop professionally. You'll also enjoy a yearly $1,000 lifestyle reimbursement, 4 weeks of vacations, 12 holidays and generous parental leave, because work-life balance is more than just a buzzword - it's part of our culture.

Temporary associates are provided three options for medical insurance as well as dental and vision insurance and an associate discount.

Part time associates are provided 401k, short term disability, a yearly $300 lifestyle reimbursement and an associate discount.

Flexible Work Schedule

For decades we have fostered a unique culture founded on our values with a particular focus on in-person teamwork and collaboration. Our North American hybrid model encourages rich in-person experiences, showcasing our commitment to teamwork and connection, while maintaining flexibility for associates. New Balance Associates currently work in office three days per week (Tuesday, Wednesday, and Thursday). Our offices are fully open, and amenities are available across our North American office locations. To continue our focus on hybrid work we have introduced "Work from Anywhere" (WFA) for four weeks per calendar year. This model will help us enhance our culture while continuing to maintain elements of flexibility.

Equal Opportunity Employer

New Balance provides equal opportunities for all current and prospective associates and takes affirmative action to ensure that employment, training, compensation, transfer, promotion and other terms, conditions and privileges of employment are provided without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, handicap, genetic information and/or status as an Armed Forces service medal veteran, recently separated veteran, qualified disabled veteran or other protected veteran.