Overview

Enterprise Holdings is the world’s largest car rental operator and an industry leader in mobility and technology. We’re one of the top global travel companies, ranking ahead of many airlines and most cruise lines and hotels. And no matter what transportation challenges our customers face, we have an innovative solution.

We operate the Enterprise Rent-A-Car National Car Rental and Alamo Rent A Car brands via more than 9,500 fully staffed neighborhood and airport offices, including franchisee branches, in nearly 100 countries and territories.

Through this robust global network, we operate a fleet of nearly 1.7 million vehicles and provide a comprehensive portfolio of transportation solutions, including car rental, carsharing, vanpooling, car sales, truck rental, vehicle-subscription and affiliated fleet management services. As a total mobility provider, we serve the needs of a wide variety of customers, businesses, government agencies and organizations every day.

At the center of it all, our dedicated IT teams innovate, design and develop the technology that is redefining how customers rent, buy and share vehicles from our family of brands. Here, you will be part of a diverse and talented team that creates and delivers powerful technology solutions for our customers and employees across the world with the resources and support to develop in a variety of career paths.

As you are considering a position with Enterprise Holdings, we invite you to learn more about our business. Today – and every day – the safety and wellbeing of employees, customers and the communities we serve is our top priority. For the latest on our COVID-19 response, please click here.

As an Enterprise employee, we offer an excellent package with market-competitive pay, comprehensive healthcare packages, 401k matching & profit sharing, schedule flexibility, work from home opportunities, paid time off, and organizational growth potential.

This position is open to candidates who wish to work from home (WFH). Employees who choose virtual / remote work should have an adequate space to serve as their home office.  #LI-REMOTE

Responsibilities

The ISO Governance, Risk and Compliance department is looking for a Security Analyst 2 to join our Policy & Compliance Team. In this role you will directly influence the organization’s security posture by researching and measuring adherence to security requirements in the form of policies and standards.

The successful candidate will be driven and posess strong communication skills, with the ability to translate technical requirements into common terminology.  Also, a solid understanding of IT components with an understanding of the corresponding security controls needed to secure them will be important for the success in this role.

As a Security Analyst 2 on the GRC Policy & Compliance team, you will:

Understand and maintain information security policies, standards, procedures and technical guidelines to support business objectives and regulatory compliance, providing research, recommendations and contributions.

Proactively monitor developments in industry standards, laws and regulations, contractual requirements, and the organization’s capabilities and risk strategy. Analyze applicability and impact and translate into policies and standards changes. 

Work closely with stakeholders from information technology and the business who implement the policies to promote and disseminate policy, standards, and technical guidance to the organization.  

Provide subject matter expertise for policy content, intent, and applicability of security requirements. Create and conduct presentations and white papers for medium and large audiences. 

Effectively and professionally collaborate with IT stakeholders to analyze and measure risk, as well as determine and validate risk treatment options.

Share risk insight and context to educate others and ensure they understand and adhere to security procedures and compliance requirements

Identify, create, and maintain key performance metrics for measurement of risk and compliance, and create documented reports on results of IT security risk analysis and assessments, following established methodologies.

Contribute to the development and maintenance of security assessment methodologies and operational processes. 

Participate in customer audits as they pertain to the information security governance area.

Follow security policies and procedures to protect our customers, our employees, and our brands by incorporating security and compliance in all decisions and daily job responsibilities.

Apply fundamental cybersecurity and privacy principles (relevant to confidentiality, integrity, availability, authentication, and non-repudiation) to team and department level requirements; apply security policies and frameworks into operational processes.

Equal Opportunity Employer/Disability/Veterans

Qualifications

Required:

Must be presently authorized to work in the U.S. without a requirement for work authorization sponsorship by our company for this position now or in the future

3+ years of IT-related experience

2+ years of IT security experience in policy and compliance

Strong knowledge of security and risk management industry standards (preferred standards are PCI DSS, ISO 27001/2, NIST CSF/800-171)

Strong interpersonal and technical skills, with the ability to relate to all levels of technology and business

General knowledge of various IT systems and components, such as servers, storage, switches, etc. (hands on technical knowledge is not required)

Knowledge of technical security controls/tools in the context of vulnerability management, incident response, cloud security, application security, etc.

Knowledge of modern security problems and solutions for endpoint security, network security, cloud security, application security, identity & access management, vulnerability management, threat detection, and/or incident response

Ability to maintain a high degree of confidentiality

Capable of working independently, as well as in team/collaborative setting

Must have proven experience in working effectively in cross-functional teams and the ability to establish, foster and maintain relationships across the organization

Must demonstrate strong documentation, communication skills, and proven ability to deliver presentations

Must be committed to incorporating security into all decisions and daily job responsibilities

Preferred:

Bachelor's degree in Cyber Security, Computer Science, Computer Information Systems, Management Information Systems, or extensive security related experience preferred

Security related certifications such as: CISA, CISSP, CRISK

Solid knowledge of Information Security Forum (ISF) Standard of Good Practice (SoGP)

Thorough understanding of security industry standards such as ISO 27001/2 and NIST security standards. 

Functional knowledge of productivity, documentation, and collaboration tools such as SharePoint, Jira, Confluence, and Jive