For more than a century, Weyerhaeuser has grown and harvested trees to make innovative products that meet important human needs. We’re serious about safety, focused on performance and proud of what we do. In every corner of our company, you’ll find talented people who care about each other, the communities where we operate, and the planet we all share. Sustainability is the founding concept of our business and our values drive every decision to ensure we continue to lead the forestry industry in sustainability practices. And we know about sustainability – we invented it for the forestry industry when we planted our first seedling by hand in 1938. For over 100 years, our Weyerhaeuser team has been making a difference in the world – from the seedlings we plant, to the forests and trees we nurture, we ensure every acre is managed with diligence, patience, and pride.
We are on a mission to transform the timber industry. We are building value through innovation utilizing new IIoT, drone, and mobile devices, and transforming our presence in the cloud. Our connected forests and mills rely on the culture of sustainability and safety that permeates everything we do – including the safety and security of our business systems and data.
Our IT Governance team focuses on the implementation and management of IT controls to reduce risk in systems across the company. We enable safe, compliant systems and processes in our business environment that are dynamic, global, and always on.
We're looking for a Senior IT Governance Analyst who is passionate about the enablement part of securing technology. It’s one thing to understand various approaches to securing and operating the technology stack, and quite another to implement practical solutions to make it happen and ensure it stays that way. We work across all teams and technologies from traditional financial applications to modern cloud apps, innovative mobile solutions for our field ops, and point solutions in our manufacturing environment. The common thread is identification and mitigation of risk by implementing and maintaining appropriate controls. But it's the people and process that are key to making that happen.
As part of the Project Management Office (PMO), you’ll work closely with Cybersecurity, Enterprise Architecture, IT Service Management, and Procurement to ensure that new tools and services are architected securely and have appropriate controls in place prior to transitioning to production.
Operationally, you’ll help administer the system of record for risk and controls (AuditBoard), and ensure records and evidence for adherence to controls are maintained. You’ll work with the internal audit team and ensure IT teams understand the types of evidence required to prove to others that our systems are secure and operating as designed. You will be exposed to the entire lifecycle of governing IT systems.
Positions on this team require an excellent base knowledge of risk management, basic security and identity knowledge, and excellent communication and collaboration skills.
Primary Responsibilities
Primary responsibility is to perform complex analysis, problem solving, implementation, and documentation, and deliver solutions following standard risk and project management methodologies. Prior experience in the intricacies of IT audit, risk, and controls design is essential.
· Assist IT project teams in embedding standard controls requirements into their projects, help them to design innovative solutions, and evaluate compliance gaps/residual risk prior to go live.
· Provide regular status reports to the team and leadership.
· Provide analysis of complex technology risks and their potential impact on business processes. Suggest and help implement ways to mitigate those risks.
· Work in concert with stakeholders to reduce risk by defining and implementing technical standards and procedures where needed.
· Write and maintain policy and standards documentation as needed.
· Drive the standardization and automation of periodic control performance through issuing, tracking, and reviewing tasks in AuditBoard.
· Educate and consult with process and control owners on an effective IT control environment, evidence required for audit purposes, and remediation activities.
· Identify compliance objectives and map program deliverables to the requirements.
· Perform regular reviews of internal IT control effectiveness and process compliance.
· Help create and maintain dynamic dashboards for visibility of activities in AuditBoard.
· Work effectively across teams and with internal and external auditors to facilitate audit performance.
Connect with us