IT Security and Compliance Analyst

By | January 10, 2018

Website FMC Corporation

FMC Corporation is one the world’s leading specialty chemical companies. We are proud that our chemistries are helping to grow the world’s food, enabling new innovations in the pharmaceutical delivery, enhancing foods and beverages, contributing to a more sustainable energy supply, improving health, and advancing the manufacture of hundreds of essential products.

FMC is a globally diverse organization that offers its employees exciting opportunities to work on challenging projects that are important to the achievement of our strategic objectives. Your education and professional experience are valued and put to use from day one. Your success at completing key initiatives can result in a varied, progressive and fulfilling career with FMC.

With a corporate culture of innovation, integrity, responsibility and customer intimacy, we foster “The Right Chemistry” in everything we do. We are looking for people to join us in creating, developing, and improving our products, our processes, and our markets. In short, If you are ready to make a difference every day, FMC is ready to talk to you.

The person in the position, under general direction, ensures FMC IT Security Control Framework is in compliance with SOX and FMC/industry standard operating procedures. Develops, tests, documents, evaluates, tracks, identifies gaps, improve IT compliance controls, execution of defined Security Controls and evidence collection. Collaborates with internal and external audit teams, IT management, Internal Audit, External Audit and other stakeholders to ensure IT compliance programs and IT Security Policy deliverables are met.

The IT Security Compliance Analyst will be a key member of the Information Security team responsible for coordination of audits, control definitions, QA testing oversight, procedure creation and/or enhancement, and security and awareness training. Success in this role requires a good understanding of information security best practices, strong SAP and AD security knowledge, ability to understand and communicate risk and controls, organization, planning, good communication and writing skills.


    • Execute IT Security Quarterly SOX controls, evidence gathering and approvals
    • Execute other IT Quarterly SOX controls, evidence gathering and approvals defined in FMC IT Control Framework
    • Provide on-going evaluations and validation of IT control effectiveness
    • Coordinate controls evidence generation, review, approval and storage
    • Perform compliance gap assessments
    • Reviews, documents, evaluates and tests manual and computer controls
    • Outlines clear and effective evidence collection and storage of control activities
    • Establish Central Repository for all IT evidence and maintain library of responses.
    • Actively track and communicate restraints, conflicts or gaps in existing processes as well as cross functional team remediation
    • Interprets Audit results and makes conclusions on the adequacy and reliability of the controls
    • Assist in System Audits and Security Assessments
    • Facilitate internal and external audits, review findings & lessons learned and assist with control enhancements
    • Implement and/or leverage technology to effectively collect, store and share the evidence associated with FMC controls activities
    • Work with different teams within the Corporate and site IT resources to effectively manage their respective controls and security related activities
    • Coordinate and maintain the security awareness training necessary to ensure the adherence to FMC policies, standards and overall security controls
    • Plan and schedule IT resource availability to deliver answers and evidence required by third party assessors
    • Coordinates yearly security incident response effectiveness testing
    • Provides training to third party compliance assessors on FMC tools, resources and repositories for the collection and review of controls related evidence before each audit
    • Captures and stores policy exception approvals for easy access & use during yearly assessments
    • Generate SAP related evidence for controls assessments
    • Generate windows and active directory related evidence for controls assessments
    • Coordinate the responses to compliance findings and the identification of response evidence
    • Be engaged with the audit department’s State of Work (SOW) for audits and compliance assessments
    • Coordinate the IT related tasks associated with the business units compliance controls.
    • Develop, track and publish compliance metrics
    • Communicate updates on compliance controls performance to management
    • Performs tasks and functions as assigned by IT Management

Required Education/Experience

  • Bachelor’s degree in Computer Science, Information Technology related field or equivalent experience.
  • 5+ years experience in IT related field
  • 2+ years experience in IT Audit, compliance or controls assessments
  • 3+ years in-depth experience in SAP security that includes extensive security analysis
  • Certification in Security, Audit or Risk management a plus; CISA, etc
  • Strong background in SAP Access control with a key role on at least one large SAP implementation.
  • Working knowledge of SAP GRC
  • Working knowledge of IT SOX Compliance
  • Working knowledge of Windows operating systems
  • Working knowledge of Active Directory
  • Strong analytical and problem-solving skills
  • Solid understanding of IT Controls and objectives, Control Mapping, Audit Protocols,
  • Working knowledge of Applications, Databases, SaaS and Cloud applications
  • Some knowledge of computer Networks, Servers, IAM Solutions, Incident Response a plus.
  • Excellent communications skills with an emphasis on follow-through, tracking and meticulous attention to detail are required
  • Ability to work independently, adjust priorities, and work in a continuously changing environment.
  • Ability to work successfully in a deadline driven, team environment.


  • Action Oriented
  • Attention to Detail
  • Functional/Technical Skills
  • Technical Learning
  • Informing
  • Organizing
  • Planning
  • Priority Setting
  • Time Management

FMC employees enjoy competitive compensation, a menu of work/life benefits and opportunities to continue developing their skills and building their career. FMC is an Equal Opportunity Employer and makes employment decisions without regard to race, gender, disability or protected veteran status. FMC supports a drug-free workplace.