Senior Infosec Risk Management Analyst

Job Description

Your Platform

Your Mission

The candidate will have a solid background within information security to make a strong impact on the company's security program and services. The candidate will have experience with various Information Security concepts including data governance, risk management, metrics, audit, policy and standards development. This individual will work with the Information Security team, Legal, IT, and other business teams to:
• Perform assessments on our Information Assets and Third Parties, aimed at reducing organizational risk from an Information Security perspective
• Maintain working relationships with business partners to understand business processes, and the impact of implementing security controls in their ability to do business
• Communicate to our business and IT partners the status of current assessments being performed, and document these assessments
• Support the creation and maintenance of an Enterprise Information Security Risk Register
• Participate in information Security Risk Management process improvement initiatives and deliver on improvement tasks assigned
• Produce operational metrics for Risk Assessments
• Establish and maintain regular written and in-person communications pertinent to Information Security Risk Management activities
• In partnership with Governance, examine incoming requests for exceptions to security control requirements and draft recommendations that include requisite mitigation strategies, seek approval, and maintain a registry of the exception and residual risk

Player Profile

Minimum Requirements:
• Bachelor's degree in Computer Science, Information Systems, other related field; or equivalent work experience
• Minimum of three years of information security experience in a corporate or consulting environment, or
• Minimum of five years developing IT policies and procedures that include implementation of security controls
• Any one or more of the following preferred
• Certified Information Systems Security Professional (CISSP) from ISC2
• ISACA CGEIT, CRISC or CISA certification
• (any) Global Information Assurance Certification (GIAC) from SANS
• Working knowledge of common information security management frameworks and practices such as
• National Institute of Standards and Technology (NIST)
• CIS Critical Controls
• ISO/IEC 270xx
• Solid understanding of security requirements, frameworks, templates, assessments, process maps, data flows
• Demonstrated experience with data governance and regulatory security requirements
• Versed in project management procedures and concepts
• Knowledgeable in a diverse set of technical skills, such as IT infrastructure, operating systems
• Understanding of logging, monitoring, and reporting key performance indicators (KPI) and development of continuous improvement plans
• Excellent oral/written communication, problem solving and analytical skills
• Ability to work independently and as part of a team to achieve desired objectives and project results
• Ability to interface effectively and decisively with all levels of management, departments and outside vendors

Jobcode: Reference SBJ-dy46w3-3-146-152-99-42 in your application.