IT Risk & Compliance Analytics Analyst

About Us:

Stericycle is a U.S. based business-to-business services company and leading provider of compliance-based solutions that protects people and brands, promotes health and well-being, and safeguards the environment. Since our founding over 30 years ago, we have grown from a small start-up in medical waste management into a leader across a range of increasingly complex and highly regulated arenas, serving healthcare organizations and commercial businesses of every size. Every day, we help our customers solve complex challenges by safely managing materials that could otherwise spread disease, contaminate the environment, or compromise one’s identity.

Join us on our mission to protect health and well-being in a safe, responsible, and sustainable way.

Position Purpose:

As a Cybersecurity Risk & Compliance Analytics Analyst, the candidate will be responsible for supporting the end-to-end execution of the centralized User Access Review (UAR) process using a mix of homegrown and commercially available analytics tools.  This position will report to the Manager, IT Risk & Compliance and work with multiple levels of management within the organization to ensure that user access complies with the access management policy.  This role will support the identification of compliance gaps and assist in remediation.  This position is a 100% work from home opportunity without travel.  This positions salary starts at $65,000 or higher.  

Key Job Activities:

• Support the execution of end-to-end centralized User Access Reviews for the organization, which includes data preparation, ETL (Extract, Transform, Load) in UAR data tools, monitoring of reviews while in process, post-access removal validation activities, and risk assessment of access removals.
• Apply technical knowledge to assist in mapping and executing ETL processes in the user access review workflow.
• Support the development, testing, and implementation of necessary UAR tool updates to ensure completeness and accuracy of user access.
• Assist in collaboration with cross-functional teams to gather and understand business requirements for implementing applications within the UAR tools, including understanding access provisioning processes and technical architecture for security across various applications.
• Assist in applying analytical and critical thinking skills to identify potential risks, weaknesses and compliance issues, and perform risk assessment processes in user access controls. Track and remediate access compliance issues in a timely manner. 
• Contribute to maintaining standard operating procedures, documentation of vocabulary, and best practices to optimize the user access review process.
• Participate in troubleshooting activities and data tracing to validate / ensure data transformation integrity when questions arise.
• Utilize data analysis techniques, including SQL queries, to assist in reviewing access data for accuracy and completeness. Proactively address issues that may result in the UAR data being inaccurate.
• Apply data analytics disciplines to cybersecurity, risk management, and digital access governance challenges.

Experience (North America):

• Bachelor's degree in Business Analytics, Information Systems, or a related field.
• Minimum 2-3 years of relevant work experience.
• Proven experience in Data Science, mathematics, economics, statistics or other related analytical background. 
• Basic understanding of auditing standards and their application to user access reviews.
• Previous audit, controls, process and/or IT audit is preferred, not required.
• Strong communication and collaboration skills, with the ability to work effectively with stakeholders at all levels of the organization.
• Strong ability to analyze business requirements and translate them into practical review strategies and quantitative analytics.
• Solid problem-solving and critical-thinking skills and demonstrates the ability to be a self-starter who can utilize their strong problem-solving skills to generate creative solutions to complex issues.
• Knowledge of relevant regulations and standards, such as GDPR, HIPAA, and SOX, is preferred.

Technical Skills: 

• Familiarity with SailPoint IdentityIQ, Alteryx, Informatica, Talend, MS SSIS, or a similar ETL tool.
• Familiarity with programming / scripting languages like Python, SQL, R, Scala, or Java.
• Intermediate to advanced skills in Excel using functions such as VLOOKUP, INDEX-MATCH, and SUMIFS for data manipulation and analysis.
• Familiarity with data modeling and data mapping techniques.
• Familiarity with SQL, database management, data transformation, and data completeness concepts.
• Familiarity with data transformation techniques and data visualization tools (such as Tableau, Qlik Sense, Looker, SSRS, Cognos, SAP Analytics, or PowerBI).
• Intermediate to advanced level skills using Microsoft office products including Word, PowerPoint, and Excel.

Benefits:

Stericycle currently offers its employees the option to participate in a full range of benefits, including a health care program which includes medical, dental, vision and prescription coverage, healthcare and dependent care flexible spending accounts, life and accidental death and dismemberment insurance, an employee assistance program, tuition reimbursement, paid vacation and sick time, a 401(k) plan, and an employee stock purchase plan. Participation in some programs requires that employees be regularly scheduled to work a minimum number of hours and/or to have fulfilled a waiting period after they begin employment with Stericycle.

Our Promise:

Stericycle is committed to attracting and retaining a diverse workforce, and to valuing unique perspectives and identities. We foster a culture of belonging that encourages, supports, and celebrates the diverse voices of our team members. It fuels our innovation and strengthens our connection to our customers and the communities we serve. We are proud to be an equal opportunity employer. All employment is decided on the basis of qualifications, merit, and business need.  

Disclaimer:

The above description is meant to provide a summary of the nature and level of work being performed; it should not be construed as an exhaustive list of all responsibilities, duties and requirements of the job.  This document does not create an employment contract, implied or otherwise, and it does not constitute any right or guarantee of employment condition. This position is open to people with disabilities.  Stericycle will consider requests for workplace accommodations for protected physical or mental limitations in accordance with its human resources and risks prevention policies and local laws.  To the extent permissible under local law, and consistent with business necessity, Stericycle reserves the right to modify the content formally or informally, either verbally or in writing, at any time with or without advance notice.