Job Description
The Role:
The Cybersecurity Compliance – Information Lifecycle Management (ILM), Export & Business Continuity Planning (BCP) Senior Analyst supports the Governance, Risk & Compliance (GRC) organization by providing enterprise oversight of ILM, Export Controls, and BCP across IT and Cybersecurity. This role is accountable for designing, operating, and sustaining ILM, Export, and BCP control frameworks, translating corporate policy and regulatory requirements into clear, actionable controls, processes, and metrics. The position monitors compliance dashboards, attestations, and formal reporting; proactively identifies control gaps and emerging risks; and drives remediation in partnership with Legal, ILM Coordinators, Export Compliance Officer (ECO)/Sub‑ECOs, application owners, BCP teams, and Cybersecurity functions. The role also integrates ILM, Export, and BCP control posture, risk, and trends across the NIST Cybersecurity Framework (NIST CSF) for broad cyber and regulatory risk reporting to leadership, supporting risk‑informed, compliance‑focused decisions.

What You'll Do:

Compliance Oversight & Risk Management
Implement and maintain a comprehensive cybersecurity compliance program for ILM, Export, and BCP that is aligned to the NIST Cybersecurity Framework (NIST CSF), using its Functions, Categories, and Subcategories to structure policies, controls, assessments, and reporting, while also meeting applicable regulatory and industry standards.
Conduct regular compliance assessments of ILM, Export, and BCP controls, evaluating inherent and residual risk across these domains.
Analyze and prioritize identified issues based on compliance impact and likelihood; recommend risk treatment strategies and control enhancements.
Monitor and track mitigation activities to closure, assessing impacts to residual compliance risk and recommending adjustments to the unified control set.

ILM Program Compliance
Design, operate, and continuously improve the ILM control framework, ensuring alignment with corporate ILM policy, data classification standards, retention schedules, and privacy requirements.
Define and document control requirements for data creation, classification, retention, archival, and destruction across key systems and repositories.
Establish and manage ILM attestation processes with ILM Coordinators, application owners, and business stakeholders to confirm control design and operating effectiveness.
Partner with Legal, Privacy, and Records Management to ensure ILM controls support litigation hold, regulatory, and privacy obligations.

Export Controls Compliance
Translate Export Control policy and regulatory obligations into practical, testable controls across IT and Cyber environments.
Partner with the ECO/Sub‑ECO network to define, document, and operationalize Export controls (e.g., access restrictions, system configuration, logging/monitoring).
Monitor compliance with Export requirements through dashboards, attestations, exception reviews, and periodic control testing.
Support investigations, issues management, and remediation for Export‑related control deficiencies and incidents.

Business Continuity & Cyber Resilience
Integrate BCP and resilience requirements into cybersecurity controls and standards, ensuring critical cyber and IT services can withstand and recover from disruptive events.
Collaborate with enterprise BCP and Crisis Management teams to align BCP plans, recovery strategies, and technical controls (e.g., backup, recovery, failover).
Support exercises, simulations, and post‑event reviews to validate the effectiveness of BCP‑related cyber controls and drive continuous improvement.

Reporting, Dashboards & Executive Communication
Develop clear, concise compliance and risk reports on ILM, Export, and BCP for senior leadership, risk committees, and other stakeholders.
Build and maintain dashboards and metrics (e.g., control coverage, testing results, exceptions, attestations, remediation progress) to demonstrate posture and trends.
Translate technical compliance and control findings into plain‑language, decision‑ready insights for non‑technical stakeholders, emphasizing business and regulatory impact.

Data, Automation & GRC Platforms
Manage Cybersecurity’s GRC platform (e.g., ServiceNow IRM) for ILM, Export, and BCP use cases, including issues, controls, tests, and attestations.
Support configuration and enhancement of modules to enable standardized workflows, evidence collection, and reporting for ILM, Export, and BCP.
Collaborate with Cybersecurity and IT teams to populate and maintain high‑quality risk and compliance data for these domains.