Founded over 35 years ago, First Quality is a family-owned company that has grown from a small business in McElhattan, Pennsylvania into a group of companies, employing over 5,000 team members, while maintaining our family values and entrepreneurial spirit. With corporate offices in New York and Pennsylvania and 8 manufacturing campuses across the U.S. and Canada, the companies within the First Quality group produce high-quality personal care and household products for large retailers and healthcare organizations. Our personal care and household product portfolio includes baby diapers, wipes, feminine pads, paper towels, bath tissue, adult incontinence products, laundry detergents, fabric finishers, and dishwash solutions. In addition, we manufacture certain raw materials and components used in the manufacturing of these products, including flexible print and packaging solutions.
Guided by our values of humility, unity, and integrity, we leverage advanced technology and innovation to drive growth and create new opportunities. At First Quality, you’ll find a collaborative environment focused on continuous learning, professional development, and our mission to Make Things Better®.
We are seeking a GRC Analyst to work remotely. This position will be responsible for assisting in the Information Security Governance, Risk and Compliance activities across First Quality Enterprises. This role will assist the GRC team with the management of key Information Security initiatives, which change annually, as well as supporting and maturing First Quality’s Information Security Risk Management Program. The Analyst will support various activities under the following key GRC programs:
• Third Party Risk Management
• Training & Awareness
• Security Policies, Standards, Procedures
• Data Loss Prevention
• Technology Risk Management
• Regulatory Compliance
This position has several principal responsibilities as outlined below. This position reports to the Senior Manager – Information Security GRC.
Responsibilities
The Information Security GRC Security Analyst will be tasked with managing strategic Information Security projects, which will change annually; assessing third party risks; managing security solutions; auditing/assessing various IT/IS processes and technologies to identify key security risks; managing the remediation/mitigation of identified risks; and maturing the GRC program through the implementation of robust processes and eventually a GRC technology. Activities include:
• Assisting with third party due diligence in the form of risk assessments and platform analysis
• Development/modification of Information Security related documentation
• Helping all facets of the Information Security Awareness Program which includes roll out of CBTs, phishing simulations, newsletters, in person and web conferencing trainings
• Creation and maintenance of weekly, monthly, quarterly, annual security reporting metrics (e.g. user recertifications, phishing simulation failures, compliance with required trainings, USB audits, key risks)
• Assisting with the management of Data Loss Prevention alerts and technologies
• Maturing the Information Security Risk Management Program by identifying threats and risks to the organization
• Formalizing the risk register and working to remediate or mitigate risks
• Developing and driving the implementation of security best practices and standards to mature the overall IS Risk Management Program which includes defining security controls
• Manage IS self-assessments to ensure systems and applications are complying with First Quality policies, applicable regulatory and legal requirements, and leading industry practices
• Participate in and support Internal and External Audit activities
Requirements:
• Occasional travel: Up to 15%
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The ideal candidate should possess the following:
• B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent); security certifications such as CompTIA Security+, CISSP, CISA, CCNA or equivalent, or working towards certification, are ideal
• Experience or Exposure to Project Management methodologies and platforms such as ServiceNow
• 5-7 years’ experience working directly in an Information Security or Information Technology role with Information Security exposure.
• Experience in using technical GRC risk management solutions, with OneTrust experience preferred.
• Working knowledge of the following frameworks and regulations: NIST CSF 2.0, NIST 800-53, CIS Critical Security Controls
• Familiarity with security controls in Windows OS, network devices, servers and databases.
• Expert knowledge of Microsoft Office applications with experience in managing and creating complex Microsoft Excel spreadsheets and PowerPoint presentations to extract and report on key data points.
• Excellent written and oral communications skills; ability to lead discussions and communicate security risks to non-technical business stakeholders.
• Ability to work collaboratively in a team environment and to work independently with little direction and/or supervision to meet deliverable deadlines.
• Ability to prioritize and multitask and a work approach that supports flexibility and adaptability is paramount
What We Offer You
We believe that by continuously improving the quality of our benefits, we can help to raise the quality of life for our team members and their families. At First Quality you will receive:
• Competitive base salary and bonus opportunities
• Paid time off (three-week minimum)
• Medical, dental and vision starting day one
• 401(k) with employer match
• Paid parental leave
• Child and family care assistance (dependent care FSA with employer match up to $2500)
• Bundle of joy benefit (year's worth of free diapers to all team members with a new baby)
• Tuition assistance
• Wellness program with savings of up to $4,000 per year on insurance premiums
• ...and more!
First Quality is committed to protecting information under the care of First Quality Enterprises commensurate with leading industry standards and applicable regulations. As such, First Quality provides at least annual training regarding data privacy and security to employees who, as a result of their role specifications, may come into contact with sensitive data.
First Quality is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, sexual orientation, gender identification, or protected Veteran status.
For immediate consideration, please go to the Careers section at www.firstquality.com to complete our online application.