Cybersecurity Contract Analyst

  • Europe Only
  • Coca Cola
Job Description:

Position Overview:

The Cybersecurity Contract Analyst performs regular review and analysis of TCCC contracts with third parties and suppliers and, working under the guidance of the Director, Global Cybersecurity Risk, identifies contract terms and language where monitoring routines need to be established to ensure compliance with contract terms and cyber risk mitigation for TCCC in relation to agreements with third parties. Given the growing importance of Third-Party Risk Management, this role is essential in providing support and insight for identification and analysis to address adherence to cyber security terms, emerging problems, regulatory compliance and risk profiling of our suppliers. The role will also proactively identify existing contracts where a cybersecurity risk assessment has not taken place and facilitate an initial and ongoing assessment cadence where applicable. The Cybersecurity Contract Analyst understands cyber security risks and mitigation requirements in a variety of contexts, including but not limited to, privacy legislation (i.e. GDPR, CCPA, etc.), payment card (PCI), sensitive personal information (PII), sensitive business information (i.e. intellectual property, competitive advantage data, etc.), SOX financial reporting, etc. The role also has a basic understanding of legal terms and processes as they relate to the Procurement and contract lifecycle process. Under the supervision and guidance of the Director, Global Cybersecurity Risk, the contract analyst will build and maintain a risk management and governance process for tracking and monitoring compliance with cybersecurity terms within existing and ongoing contract agreements beyond the initial inception.

Function Related Activities/Key Responsibilities:

  • Thorough review of supplier and third-party written agreements to identify whether existing cybersecurity language is present and adequate to mitigate applicable cybersecurity risks in the context of the specific relationship.

  • Detailed analysis of a high volume of written contract agreements to identify various cybersecurity compliance needs for management and monitoring (i.e. incident management and notification, SOC1/SOC2 report findings and remediations, PCI attestations, Privacy compliance requirements, 4th party cyber liability, etc.).

  • Support the Cybersecurity Contract Manager in creation and maintenance of Cybersecurity supplier and contract risk governance and analysis process for cyber risk management and tracking in support of supplier management teams, key initiatives, gap analysis, and supplier compliance to cybersecurity contract terms.

  • Support the Director, Global Cybersecurity Risk in the development and ongoing efforts around identifying, tiering and reporting on contract cybersecurity risks. Build and leverage relationships beyond Platform Services in support of identifying other contract initiation points and building cybersecurity routines into those processes (i.e. Supply Chain, Corporate functions, etc.).

Education Requirements:

  • Bachelor’s Degree in Appropriate Field Required (i.e. Information Systems, Computer Science, Cyber Security).

  • Relevant industry certification preferred – CISA, CRISC, CISSP and/or CISM.

Related Work Experience:

• Minimum 3 years of work experience in cybersecurity supplier governance, risk, compliance, legal, or relevant related field.

• Strong knowledge of global regulatory standards as it relates to suppliers and contract requirements. Familiarity or experience with NIST, ISO, CSA or other globally recognized cyber security framework required. Knowledge of SOX, PCI, GDPR, CCPA, or other common legal/regulatory frameworks with cybersecurity implications.

• Detailed knowledge of global Data Privacy Requirements, providing advice and counsel on such matters for our Suppliers and Contracts. Knowledgeable in IT hardware, software and service agreement industry standards/best practices. Experience using OneTrust Vendor Risk Management, Privacy, IT & Security Risk Management or other modules a plus.

• Audit and Control Knowledge: Strong understanding of SOC 1/SOC 2 requirements and contract/supplier related internal controls. Experience as an IT auditor or risk advisor for a professional services firm, or in industry, is preferred.

• Working as a Global Team: Ability to work as part of a virtual global team to collaborate across geographic and organizational boundaries to deliver better business results and share best practices across a global System. Demonstrated ability to work in a fast-paced environment, and to self-start, determining work steps based on management direction. Strong oral and written communication skills.

Functional Skills:

• A firm understanding of contract and legal language. Experience and knowledge with cybersecurity risk management, analyzing legal language and understanding intent and impact to cybersecurity risk and practices.

• Ability to analyze cyber security risks in the context of globally recognized cyber security frameworks (i.e. NIST, ISO, etc.). Technology and security knowledge is critical to understanding the context of the contract and supplier risks being managed.

• Detail oriented and well organized, ability to manage multiple contract reviews and ongoing monitoring of contract terms while appropriately prioritizing work relative to risk and urgency.

• Ability to work independently or with a team (local and virtual, technical and non-technical) and comfort in using risk-based judgment and managing ambiguity in a fast-paced and dynamic environment.

Our Purpose and Growth Culture:

We are taking deliberate action to nurture an inclusive culture that is grounded in our company purpose, to refresh the world and make a difference. We act with a growth mindset, take an expansive approach to what’s possible and believe in continuous learning to improve our business and ourselves. We focus on four key behaviors – curious, empowered, inclusive and agile – and value how we work as much as what we achieve. We believe that our culture is one of the reasons our company continues to thrive after 130+ years. Visit Our Purpose and Vision to learn more about these behaviors and how you can bring them to life in your next role at Coca-Cola.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class. When we collect your personal information as part of a job application or offer of employment, we do so in accordance with industry standards and best practices and in compliance with applicable privacy laws.
