Why Crestron?

At Crestron Electronics, Inc we build the technology that integrates technology.

We are proud to be the largest and most recognized brand in automation and control solutions, and the premier technology partner for fortune 500 businesses globally. Our products’ are integrated into new high-tech commercial buildings’ to include some of the most exciting real estate throughout the world. Our clients include Google, Microsoft, Amazon, LinkedIn and many others. We are the leaders in the most exciting industry in the world!

Our automation and control solutions for homes and buildings allow our clients to control entire environments with the push of a button, integrating systems such as Audio Visual, Lighting, Shading, Security, Building Management Systems and HVAC to provide greater comfort, convenience and security.

Overview

The Information Security Analyst will be a Crestron IT Security GRC team member. This individual will actively contribute to the continued development, operation, and maintenance of the company's enterprise-wide information security and risk management program. S/he will provide high-quality information security governance, risk management, and compliance services. 

Responsibilities

• Engage the business units, such as IT, Finance, Legal, Supply Chain, Sales, and Engineering, to identify, assess, categorize, and record cybersecurity, information, and data privacy risks. Develop prioritized action plans, and drive mitigation efforts. 
• Perform security risk assessments of software applications, technology projects, or third-party suppliers and vendor software solutions. 

• Provide input to the overall risk management strategy, both short and long-term, based on the changing threat landscape and overall business objectives. 
• Perform periodic gap assessments against relevant cybersecurity program or control frameworks including ISO, NIST, CIS, and CSA. Identify, catalog, and communicate potential gaps, threats, and associated risks. Recommend controls to reduce risk. 
• Assess new or updated data privacy regulations to determine applicability to the company assets. Identify, catalog, and communicate potential gaps, threats, and associated risks.
• Develop, collect, manage, and present monthly information security (KRI/KPI) metrics.
• On an as-needed basis, assist with other information security operations or projects, including security policy/process development and maintenance, security policy exceptions management, and security awareness training campaigns. 

Qualifications

• Minimum of 3-5 years experience in information security governance and risk management. 
• Bachelor’s degree in computer science or related field. A degree focused on cybersecurity is a plus. 
• Professional information security certifications such as the CISSP, CISM, or CRISC are a plus. 
• Experience with ProcessUnity, Knowbe4, Varonis, or similar platforms or tools is a plus. 

• Knowledge of best security practices and security program management frameworks (e.g., CIS Top 18, CSA, NIST CSF, NIST 800-53, ISO 27001, etc.) 
• Knowledge and understanding of privacy laws, regulatory requirements, and data types, including ePHI, GDPR, HIPPA, PII, etc. 
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to both technical and non-technical audiences. 
• Exhibit strong analytical skills, the ability to manage multiple projects under strict timelines, and the ability to work in a demanding, dynamic environment to meet overall objectives. 

*LI-RD1

EOE/M/F/D/V

BenefitsAt Crestron Electronics, we offer a competitive total compensation package including medical, Dental, Vision, Life Insurance and Short-Term Disability. 401K with company match, Paid Vacation, Holidays and more!

We have new onsite state of the art fitness and wellness centers at our Headquarters in Rockleigh, NJ.

We have new onsite state of the art fitness and wellness centers at our Headquarters in Rockleigh, NJ.

*No Solicitation*

Any agency submittal to any and all employees of Crestron Electronics, Inc by any method of communication will be deemed, the sole property of Crestron Electronics Inc.