For more than a century, Weyerhaeuser has grown and harvested trees to make innovative products that meet important human needs. We’re serious about safety, focused on performance and proud of what we do. In every corner of our company, you’ll find talented people who care about each other, the communities where we operate, and the planet we all share. Sustainability is the founding concept of our business and our values drive every decision to ensure we continue to lead the forestry industry in sustainability practices.  And we know about sustainability – we invented it for the forestry industry when we planted our first seedling by hand in 1938. For over 100 years, our Weyerhaeuser team has been making a difference in the world – from the seedlings we plant, to the forests and trees we nurture, we ensure every acre is managed with diligence, patience, and pride.

We are on a mission to transform the timber industry. We are building value through innovation utilizing new IIoT, drone, and mobile devices, and transforming our presence in the cloud. Our connected forests and mills rely on the culture of sustainability and safety that permeates everything we do – including the safety and security of our business systems and data.

Our IT Governance team focuses on the implementation and management of IT controls to reduce risk in systems across the company. We enable safe, compliant systems and processes in our business environment that are dynamic, global, and always on. 

We're looking for a Senior IT Governance Analyst who is passionate about the enablement part of securing technology. It’s one thing to understand various approaches to securing and operating the technology stack, and quite another to implement practical solutions to make it happen and ensure it stays that way. We work across all teams and technologies from traditional financial applications to modern cloud apps, innovative mobile solutions for our field ops, and point solutions in our manufacturing environment. The common thread is identification and mitigation of risk by implementing and maintaining appropriate controls. But it's the people and process that are key to making that happen.

As part of the Project Management Office (PMO), you’ll work closely with Cybersecurity, Enterprise Architecture, IT Service Management, and Procurement to ensure that new tools and services are architected securely and have appropriate controls in place prior to transitioning to production.

Operationally, you’ll help administer the system of record for risk and controls (AuditBoard), and ensure records and evidence for adherence to controls are maintained. You’ll work with the internal audit team and ensure IT teams understand the types of evidence required to prove to others that our systems are secure and operating as designed. You will be exposed to the entire lifecycle of governing IT systems.

Positions on this team require an excellent base knowledge of risk management, basic security and identity knowledge, and excellent communication and collaboration skills.

Primary Responsibilities

Primary responsibility is to perform complex analysis, problem solving, implementation, and documentation, and deliver solutions following standard risk and project management methodologies. Prior experience in the intricacies of IT audit, risk, and controls design is essential.

·         Assist IT project teams in embedding standard controls requirements into their projects, help them to design innovative solutions, and evaluate compliance gaps/residual risk prior to go live.

·         Provide regular status reports to the team and leadership.

·         Provide analysis of complex technology risks and their potential impact on business processes. Suggest and help implement ways to mitigate those risks.

·         Work in concert with stakeholders to reduce risk by defining and implementing technical standards and procedures where needed.

·         Write and maintain policy and standards documentation as needed.

·         Drive the standardization and automation of periodic control performance through issuing, tracking, and reviewing tasks in AuditBoard.

·         Educate and consult with process and control owners on an effective IT control environment, evidence required for audit purposes, and remediation activities.

·         Identify compliance objectives and map program deliverables to the requirements.

·         Perform regular reviews of internal IT control effectiveness and process compliance.

·         Help create and maintain dynamic dashboards for visibility of activities in AuditBoard. 

·         Work effectively across teams and with internal and external auditors to facilitate audit performance.

Education

·         Bachelor’s degree is required

Experience

·         Minimum of five (5) to seven (7) years of progressive, relevant experience

Qualifications

• This position requires stellar communication skills due to the nature of what we do. You must be able to communicate effectively, verbally and in writing, to all levels of technical and non-technical audiences.
• Deep knowledge and prior experience in SOX and ITGC audit
• CISA, CRISC, GCCC, GSEC or related certification preferred
• Prior experience in the intricacies of controls design (not just inspection) and defense in depth.
• Experience in reviewing SOC reports and determining appropriateness of entity compensating controls
• Proven experience in proactively identifying potential risks, issues, and opportunities offering meaningful recommendations that address the root cause.
• Knowledge of industry standard security and control frameworks such as CIS, NIST, COBIT, and ISO
• Experience defining requirements for moderately complex products/solutions
• Highly effective at influencing at all levels of an organization in a collaborative environment to implement effective compliance measures and policies
• Able to multi-task and manage multiple priorities concurrently
• Experience in Project management/delivery frameworks
• Knowledge of Software Delivery Lifecycle, Agile, DevOps, and Change Control principles
• Self-starter that actively displays a commitment to quality and a passion for operational excellence
• Innate curiosity and ability to dig into details without losing sight of the overall objective

Candidates with experience in the following are preferred:

• Native control sets in AWS & Azure
• SDLC controls and deliverables related to projects of all sizes
• Knowledge of IT/OT/ICS environments
• Understanding of the intricacies of control environments in SAP S4, BTP, C4C
• Administration of, or core work within AuditBoard or other GRC tools
• ITIL v4/service management training
• Basic AI knowledge
• Basic query writing, advanced Excel, and Power BI

What We Offer:

Compensation: This role is eligible for our annual merit-increase program, and we are targeting a salary range of $97,400- $146,000 based on your level of skills, qualifications, and experience. You will also be eligible for our Annual Incentive Program, which offers a cash bonus targeting 10% of base pay. Potential plan funding may range from zero to two times that target.

Benefits: When you join our team, you and your dependents will be offered coverage under our comprehensive employee benefits plan, which includes medical, dental, vision, short and long-term disability, and life insurance. We offer a pre-tax Health Savings Account option which includes a company contribution. Other benefit options are also available such as voluntary Long-Term Care and Employee Assistance Programs. We also support personal volunteerism, sponsor a host of diversity networks, promote mentoring, and provide training and development opportunities to help you chart your path to a fulfilling career.

Retirement: Employees can enroll in our company’s 401k plan, which includes a paid company match in addition to our annual contribution equal to 5% of your base salary.

Paid Time Off or Vacation: We provide eligible employees who are scheduled to work 25 hours or more per week with 3-weeks of paid vacation to use during your first year of employment. In addition, after being employed for six months, eligible employees begin to accrue vacation for future use. We also recognize eleven paid holidays per year, providing a total of 88 holiday hours and paid parental leave for all full-time employees.

We know you have a choice in your career. We want you to choose us! If you believe in the same core values that we do - safety, integrity, citizenship, sustainability, and inclusion – then we believe Weyerhaeuser will be an incredible place for you to develop and grow your career. 

Attention Internal Applicants: To ensure transparency across the organization, please have a discussion with your manager prior to applying for any new opportunities. If you need any help facilitating this conversation, please reach out to your HR Representative for guidance. For more information on how to apply, including best practices for updating your profile or partnering with HR and Recruiting, please visit our internal applicant page on Roots: wy.com/applicants

Weyerhaeuser is an equal opportunity employer. Inclusion is one of our five core values, and we strive to maintain a culture where all our people feel a sense of belonging, opportunity, and shared purpose. We are committed to recruiting a diverse workforce and supporting an equitable and inclusive environment that inspires people of all backgrounds to join, stay and thrive with our team.