Cyber Security Analyst (#3111) in Glenview, IL at ITW

Date Posted: 10/1/2019

Job Snapshot

Job Description

The Cyber Security Analyst is part of the Corporate IT team and is responsible for understanding ITW’s risks and ensuring our mitigation policy and programs are operating effectively. He/she provides guidance on our policies and programs and keeps current on emerging trends and threats through ongoing education and active participation in peer groups.

This role will provide direct expertise to cyber policies surrounding our Corporate systems and may be asked to provide indirect oversight for localized systems at our ITW manufacturing businesses. These businesses vary from smaller, local divisions with fewer locations to larger, complex global divisions, which requires flexibility in approach to align with growth and profitability drivers of each business.

The ideal candidate will thrive in an informal, decentralized culture where decisions are largely consensus-based, and strong execution is expected and valued.  

       Specific Responsibilities:

  • Perform threat and vulnerability assessments and create a subsequent prioritized remedial action plan
  • Prepare and conduct security risk assessments and provide associated gap reports
  • Consult with IT and security staff to ensure security is factored into the evaluation, selection, installation and configuration of hardware, applications and software
  • Recommend the implementation of technical controls to support and enforce defined security policies
  • Develop a strong working relationship with the technical operations team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements
  • Engage in building information security metrics and/or dashboard to present to various IT stakeholders
  • Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks
  • Participate in review of SOX controls, GDPR guidelines, NIST Cybersecurity Framework, Insurance policies and other legal and/or regulatory requirements to ensure Cyber Strategy is accurately reflected
  • Review, assess and provide recommendations based on penetration testing exercises
  • Provide system monitoring to the daily, weekly, monthly recurring security task list
  • Monitor internal controls to ensure appropriate information access levels and security clearances are maintained
  • Develop and maintain documentation for security systems and procedures
  • Work with 3rd Party Software Providers and Vendor Management Office to ensure that information system security requirements are included in contracts
  • Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors


  • Outstanding verbal, written and interpersonal communication skills with the ability to interact and build trust across all levels of the organization
  • Experience working in a team-oriented, collaborative environment
  • Highly self-motivated and directed
  • Experience working with legal, audit and compliance departments
  • Experience developing, maintaining policies, procedures, standards and guidelines
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgement and maturity
  • Highly organized and respectful of the need to plan amidst multiple priorities


  • Bachelor's degree in Computer Science, Information Systems, Business or related field. Master’s degree a plus.
  • Minimum of 6 years of IT experience, with three to four years in an information security role or network security administration role
  • Proven record of building collaborative cross-functional relationships
  • Good understanding of Information Security Risk Management, Gap Analysis and Remediation Programs.
  • Knowledge of information security principles, including risk assessment, risk registration, vulnerability tiered approach and unified controls framework.
  • Knowledge of network infrastructure including routers, switches, firewalls, DMZs as well as IDS/IPS and security services would be very helpful.
  • Certification – CISA or CCSP is helpful.
  • Experienced in cybersecurity frameworks such as NIST, COBIT, ISO 27002
  • Experienced within regulatory requirements (SOX, HIPAA, Privacy acts, etc.)
  • Willing to Travel: Less than 10%

Illinois Tool Works Inc. (“ITW” or “the Company”) is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender identity, sexual orientation, religion, national origin, age, disability, protected Veteran status or any other characteristic protected by applicable federal, state, or local laws.

If you are a qualified individual with a disability and are unable or limited in your ability to use or access the online application system process due to your disability, please email to request assistance. No other requests will be acknowledged.