Security Governance, Risk and Compliance Analyst

Together, WE enable individuals to look, feel, and be their true selves.

Wella Company is one of the world’s leading professional and retail hair companies. It is a beauty collective with a mission to enable consumers to look & feel like their true selves. It’s loved brands, which include beauty icons such as Wella, Clairol, OPI, and ghd (all together “Wella”) are co-created by & designed for the beauty junkies of today & tomorrow.

THE ROLE

The Cyber Governance, Risk and Compliance Analyst is responsible for ensuring that Wella can demonstrate compliance with industry standards and regulatory obligations in the use of technology to meet business objectives, including performing, tracking, and reporting on the effectiveness of controls, compliance activities, and risk assessments.

KEY RESPONSIBILITIES

• You will execute Cyber governance, risk, and compliance activities to ensure that Wella can demonstrate that its control environment is aligned with audit, risk, industry, and regulatory requirements. Work with key stakeholders to drive consistent and continuous compliance with Cyber controls framework and coordinate internal and 3rd party assessments.

Provide subject matter expertise on industry-recognized control frameworks, such as COBIT, NIST, ISO, and similar standards.

• Manage the development and implementation of Cyber governance, risk, and compliance policies and procedures.
• Provide expert-level guidance on implementation, monitoring, and evidence collection to demonstrate alignment with industry-recognized control frameworks.
• Plan, schedule, track, monitor, and manage issues related to audit, compliance, and risk assessments.
• Provide guidance on company policies that affect the Cyber and IT control environment.
• Perform periodic reviews and evaluations of Wella Cyber governance, risk, and compliance program to validate that the program adequately aligns with Cyber, audit, risk, industry, and regulatory reporting and evidence requirements.
• Provide subject matter expertise and guidance to the lines of business on interpretation of Cyber requirements to ensure successful completion of internal and external assessments.
• Ensure strategic objectives of the Compliance & Ethics Program are met in the context of Security governance, risk, and compliance, including execution of program assessment activities, coordination of response and tracking of action items for remediation.
• Identify areas of potential improvement.
• Create reporting for Cyber governance, risk and compliance activities to the wider Cyber team and key stakeholders.
• Perform third party due diligence Cyber reviews, assist with responses to audit and customer questionnaires.
• Prepare Wella staff for planned Cyber governance, risk, and compliance assessment activities.

EXPERIENCE

• Experience implementing, documenting, tracking, and maintaining technology compliance frameworks.
• Experience performing compliance assessments, information security, risk management, and/or technology risk management.
• Bachelor's degree or an equivalent combination of education and experience.
• Industry certifications are highly preferred.

EEO OPPORTUNITIES

The Wella Company wants to meet the aims and commitments set out in its equality policy. This includes not discriminating under the Equality Act 2010 and building an accurate picture of the make-up of the workforce in encouraging equality and diversity.

We offer equal employment opportunity to qualified individuals without regard to race, religion or belief, color, national origin, age, gender, disability, sexual orientation, gender identity, gender expression, marital or civil partnership, pregnancy and maternity, veteran status, or any other characteristic protected by law. Wella Company complies with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, please contact: careers@wellacompany.com.

We strongly believe that cultivating a diverse workplace gives a company strength. The combination of unique skills, abilities, experiences and backgrounds creates an environment that produces extraordinary results. EOE Minorities/Females/Protected Veterans/Disabled.