Newmont Goldcorp Corporation logo

IT Security & Compliance Analyst

Newmont Goldcorp Corporation
On-site
Greenwood Village, United States

 


Founded in 1921 and publicly traded since 1925, Newmont (www.newmont.com) is one of the largest gold companies in the world. Headquartered in Denver, Colorado, the company has approximately 24,000 employees and contractors, with the majority working at Newmont's core operations in the United States, Australia, Ghana, Peru and Suriname. Newmont is the only gold company listed in the S&P 500 index and in 2007 became the first gold company selected to be part of the Dow Jones Sustainability World Index. Newmont's industry leading performance is reflected through high standards in environmental management, health and safety for its employees and creating value and opportunity for host communities and shareholders.


Purpose

This role is responsible for executing the information technology compliance strategy and managing compliance controls, policies, procedures, and processes across the IT landscape. This role will support audit and compliance activities, manage user awareness, and provide oversight of all compliance controls for the business ensuring policies and regulatory requirements are met. This role will support company security and compliance controls and policies by thorough implementation and ongoing support and maintenance.


Essential Duties


  • Updates and performs the necessary gap analysis; creates and maintains various internal and external audit and compliance schedules for Information Technology.

  • Reviews, documents, evaluates, and tests manual and automated computer controls throughout the corporate IT environment; develops and implements testing methodologies for application development, IT infrastructure, security, and availability; designs and executes compliance tests for IT systems and coordinates required remediation

  • Conducts risk assessments on business and operational processes, procedures, and policies; interprets audit results and makes conclusions on the adequacy and reliability of controls; prepares and presents reports as necessary

  • Prioritizes and controls projects based on severity of risk and non-compliance; communicates control strengths and weaknesses to internal audit and compliance and collaborates with internal audit to develop migration plans.

  • Applies COBIT5, COSO, ITILv3, and/or NIST frameworks to all documentation and remediation efforts; provides guidance to IT in reengineering of processes and procedures in need of remediation; conducts gap analysis via testing and recommends specific actions to fix gaps.

  • Designs and enhances for internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity; assists internal audit team and serves as a liaison with external auditors to facilitate auditing process.

  • Conducts audit/compliance assessments to ensure ongoing evaluation and validation of IT control effectiveness.

  • SAP Security Administration Functional & Technical Expertise

  • SAP GRC Functional Expertise

  • Support project deployments that impact/affect SAP security and user/role governance.

  • Serving as point person for implementing SAP security architecture across various projects

  • Analyzing business requirements and implementing SAP security technical requirements.

  • Recommending and developing security measures to protect information against unauthorized modification or loss

  • Responsible for SAP license utilization and optimization

  • Develop Key Performance Indicators across SAP for patching, vulnerabilities, security events and changes to the authentication/authorization scheme.


Training & Experience


  • 10 years of SAP Applications Security experience.

  • 3-5 years in It Compliance and Risk Management experience  

  • Prefer enterprise level compliance and SOX experience.

  • Capable of illustrating a strong commitment to Information Security practice development and leadership within the organization.

  • Proven experience working closely with Applications team to resolve security and performance related issues for SAP and other application environments.

  • Excellent communications skills across all levels of the work force and experience working in a heavily interfaced environment, and able to demonstrate working knowledge and skills of the main elements of customizing and user administration.

  • Extensive knowledge of SAP standard user transactions, customizing options, reporting capabilities, as well as experience identifying solutions using the Online SAP library & OSS.

  • Preferred SAP FI certification with specialty skills of Security and GRC Tools – if not currently holding certification, be willing to obtain such certification within 1 year.

  • Able to demonstrate a high degree of credibility and influence senior stakeholders within the organization.

  • Able to operate as a highly independent worker and as part of a strong team with a collaborative approach.

  • Experience working and managing vendor performance and service level agreements

  • Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously

  • Ability to communicate highly complex technical information clearly and articulately for all levels and audiences

  • Ability to manage tasks independently and take ownership of responsibilities

  • Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel

  • Ability to adapt to a rapidly changing environment and quickly identify new trends and industry changes specific to security and advanced cyberattacks

  • High critical thinking skills required to evaluate complex, multi-sourced intelligence information, analyze and confirm root cause, an independently, or at times with the assistance of a Senior IT Threat Analysts or third-party vendor, identify mitigation alternatives and solutions that safeguard our technical environmental


Working Conditions


  • The position is located in the Denver corporate office.

  • Position may be required to travel to, and assist other domestic and international sites. 


 


Our business success comes from the accomplishments and well-being of our employees and contractors. Our goal is to build a workplace culture that fosters leaders and allows every person to thrive, contribute, and grow. We are committed to selecting and developing our employees, and to establishing a work environment where everyone can take an active part in reaching our strategic goals while feeling a sense of pride in working at Newmont.


Newmont seeks to recruit, hire, place and promote qualified applicants, meaning applicants who meet the minimum requirements of the position, without regard to personal characteristics such as gender, race, nationality, ethnic, social and indigenous origin, religion or belief, disability, age or sexual orientation or any other characteristic protected by applicable law.