Cliffs Natural Resources Inc.

Cliffs Natural Resources Inc. (NYSE: CLF) (Paris: CLF) is an international mining and natural resources company.

• The largest producer of iron ore pellets in North America.

• A major supplier of direct-shipping lump and fines iron ore out of Australia.

• A significant producer of high and low volatile metallurgical coal.

Driven by the core values of social, environmental and capital stewardship, Cliffs associates across the globe endeavor to provide all stakeholders operating and fi...

Address      200 Public Sq # 3300, Cleveland, OH
Website      www.cliffsnaturalresources.com
Holding      No Holding Details


IT Risk & Compliance Sr Analyst


The Risk and Compliance Analyst acts as the liaison for all information technology related internal and external audits, risk assessments, SOX audits, including the development and reporting of metrics on IT controls compliance and audit remediation activities. This role will interface with all levels of technical and mine site resources as well as senior management.

This role leads small to large initiatives to enhance the risk and compliance posture of the organization which is composed of over 1000 network devices supporting 5,000+ end users. This role will provide support to projects and work with project teams across many different technical disciplines and geographic locations.

This role creates and interprets information security policies and assists with their implementation and enforcement. In addition, it promotes information security awareness and monitors compliance with information security policy.

This role is the SME for Risk, Audit and Compliance and requires the individual to develop peers’ and junior staff members’ knowledge base. Specifically, this role will:

• Coordinates and tracks internal and external audit findings and activities related to information technology and information security. Coordinates and tracks information technology risks and regularly updates necessary knowledge repositories with the information obtained from issue owners. Creates and publishes reports and metrics around audit and risk issues

• Coordinates integrations with the Enterprise Risk Management group and performs information technology and information security risk related processes and activities. Coordinates and facilitates the ongoing information security risk management program and the underlying assessments that are required inputs to this assessment process

• Conducts periodic access audits, facilitates annual access reviews and acts as an escalation point for process problems

• Conduct periodic awareness briefing and presentation sessions and answer information security questions (new hires, managers, lunch & learns, etc…). Author and publish information security tips and messages to internal and external subscribers

• Manages the development, delivery and communications surrounding information security policy, classifications, standards, procedures, waivers and best practices to ensure information security across the company

• Makes recommendations and assists in implementing changes that align with information security policy and procedures to strengthen and improve the company security measures

• Maintain workable knowledge and understanding of information security, risk management and regulatory compliance topics. Understands laws, regulations, industry standards and ethical requirements related to information security. Knowledge of best practice security frameworks, commonly used risk assessment methodologies, industry recognized information technology audit and control standards and other industry resources

• Recognize and identify areas where existing policies or procedures require changes. Update the information security policy based on these needs or when there are changes in the legal or regulatory environment

• Conduct assessments of the businesses’ compliance with information security policy in the areas of manual or automated processes, procedures and access control

• Identifies and implements processes and methods for auditing and addressing non-compliance with information technology controls and governance frameworks including COBIT, COSO, ITIL, and ISO 27001, 27002.

• Provide information security requirements for new and existing contracts. Work with corporate sourcing and Legal to perform contract reviews for information security risks. Conduct 3rd party and ASP controls reviews

• Acquires and maintains knowledge of current Cliffs Natural Resources standards, policies, procedures and audit requirements. Communicates with intra and inter-department team members as required, as well as members of Cliffs Natural Resources’ technical and project management teams

• Provides technical advice, guidance and assistance for e-discovery requests and investigations related to information security events. Assists with the documentation of such events

• Maintain workable knowledge and understanding of information security, risk management and regulatory compliance topics. Maintains professional/technical currency of information security knowledge

• Perform additional duties as directed by the Director of Information Security and GRC

• Provide support for other team members as required


• Bachelor’s Degree in a Related Field is required from an accredited 4 year College

• Certified Information Systems Specialist (CISA) and/or Certified Information Systems Security Professional (CISSP) designations preferred


• Knowledge of international, US federal and state regulations that relate to information security, privacy and information sharing

• Demonstrated experience working on projects, training, designing process solutions, and directly interacting with customers

• Ability to respond to emergency service calls at any time outside of normally assigned work hours

• Knowledge and understanding of current information security techniques and technologies as well as the methods used in performing risk analyses and assessments. Experience with conducting comprehensive threat and risk assessments of IT systems, applications, and networks

• Willingness to travel up to 10%, including international travel, and be flexible to work various hours to accommodate international business needs

• 10+ years' experience in IT and/or audit

Other Job Information

Vacancy type: Full Time

Contact Mode: not provided

Contact Name: not provided

Job Duration: not provided

TalentOne Job Information

Information Technology IT Auditor
