Senior IT Security Risk Analyst

About The Position

Requirements

• Knowledge of: Information Security programs including, but not limited to, IT controls, IT control assurance, audit coordination, risk assessment, awareness and training, identity and access management, data protections, secure SDLC, incident management, vulnerability assessment, penetration testing, third-party assessment, secure configurations and patch management.
• Advanced knowledge of infrastructure and logical security technology with experience working with IT Control frameworks like CIS Security controls and NIST Cybersecurity Framework or other industry frameworks such as ITIL, ISO 17799 and/or CoBit processes and procedures.
• Translating business drivers and priorities into security design.
• Government and other regulations related to Information Security (e.g., GLBA, SOXA 404, FFIEC, PCI, Privacy, HIPAA, etc.).
• Ability to: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.
• Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.
• Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that is consistent with available facts, constraints and probable consequences.
• Demonstrate a satisfactory level of technical and professional skill or knowledge in position-related areas; remains current with developments and trends in areas of expertise.
• Make internal and external clients and their needs a primary focus of actions; develop and sustain productive client relationships.
• Skill in: Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem).
• Bachelor’s: Computer and Information Science, High School (HS) (Required)
• General Experience - 6 to 10 years

Nice To Haves

• Highly Preferred Licenses/Certifications : Security+, CISSP, CISM, CISA, or CRISC

Responsibilities

• Articulates the security perspective to technology leaders or the business and helps them understand the potential impact and possible controls.
• Counsels business units in understanding regulatory information security compliance requirements and helps ensure compliance.
• Represents the Technology Risk and Assurance team in proposing or development of policies and standards, especially where relevant to issue remediation.
• Oversee and act as primary point of contact for IT internal audits, Collaborate with internal and external IT audit teams for scoping, deliverable request management, IT control mapping, and clear issue documentation.
• Partner with senior IT leadership to perform validation of identified issues, ensure action plans are complete and effective, and track issue remediation or risk acceptance through issue closure to ensure timely risk treatment.
• Assist with IT control assurance to ensure IT control owners understand their responsibilities as to risk management, control effectiveness, and control gap remediation as well as compliance to IT security policies and standards.
• Focuses on process improvement to manage risk, proactively prevent problems and identify opportunities for efficiencies and automation.
• Investigates security incidents, control failures, and policy exceptions and works with Information Security teams to recommend/implement appropriate corrective actions.
• Understands, tests and implements security plans, products, strategies and control techniques.
• May lead or participate in security related projects and strategy.
• Performs other duties and responsibilities as assigned.