Security Risk Analyst (Flexible Location)

Shape Your World

At Alcoa, you will become an essential part of our purpose: to turn raw potential into real progress.

The way we see it, every Alcoan is a work-shaper, team-shaper, idea-shaper, world-shaper.

As a leader within Alcoa, you can help us fulfill our purpose and realize our vision to reinvent the aluminum industry.

Be part of the team that is helping shape a better workplace with a better work-life balance and the equal opportunities that help everyone thrive.

You have the power to shape things to make them better.

About the Role:

As the Security Risk Analyst, you will participate with the development of our new program.

Your input will be key in designing and implementing the program, that is still in its developmental stage.

This professional will be joining our Governance Risk & Compliance (GRC) team within the Information Technology & Automation Systems (ITAS) department.

The Security Risk Analyst will be responsible for optimizing the IT risk management program that balances risk, compliance, and cost, to align with the Company’s business goals and ITAS strategy.


* Contribute to the development of the IT Risk Management Program (policy, standards development, implementation, GRC platform configuration and adoption)


* Conduct independent and comprehensive system risk assessments of the management, operational, and technical security controls and enhancements employed within or inherited by a system to determine the overall effectiveness of the controls.


* Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a risk assessment or major change.


* Assess all applicable system component configurations baselines or benchmarks for currency during the system risk assessment and during change or updates for release management processes.


* Provide a comprehensive assessment of the weakness or deficiencies in the information systems and prepares the final security control gap analysis and system risk assessment report containing the results and findings from the assessment.


* Ensure that system owner corrective action plans (CAPs) are in place for vulnerabilities identified during risk assessments, audits, or self-assessments.


* Provide input to the Risk Management process and maintain and update risk management policies, standards, guidelines, and procedures.


* Validate and update security documentation reflecting the application or system security design.


* Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.


* Lead the reporting efforts for all information system weakness or deficiencies plus CAPs.


* Configure and manage the risks and KPI’s in a GRC platform.


* In combination with the ITAS Security Awareness & Training Specialist, provide threat awareness, and education to Alcoa’s users (or employees & contract...