Security Risk Analyst

Security Risk Analyst
Company:

Recruit Professional Services


Security Risk Analyst

Details of the offer

Security Risk Analyst

Note: Must have prior experience in implementing security policies and standards, while being able to perform risk assessments on new applications. Experience with data protection, data mapping, etc is preferred but not required.
Overview

The Senior Security Risk Analyst will be a key member of the newly formed Information Security team. This individual will actively contribute to the development and implementation of an enterprise-wide information security and risk management program, and operate as an enabler to the business. S/he will provide high-quality information security governance, risk management, and compliance services.

Responsibilities

Engage the business units, such as IT, Finance, Legal, Supply Chain, Sales, and Engineering, to identify information security risks, develop action plans and lead the implementation of controls to reduce risks.

Develop organizational information security-oriented policies, processes, procedures, and standards in alignment with the selected information security management system.

Develop data protection strategies that include the discovery of key business data, classification criteria, data flow maps, and protective control requirements.

Perform gap analysis against security frameworks and security risk assessments on applications, technology projects, and third-party vendor software and solutions.

Provide input to the overall risk management strategy, both short and long term, based on the changing threat landscape and overall business objectives.

Develop and conduct security awareness training and related activities for the business.

Develop, collect, manage and present monthly information security (KRI/KPI) metrics.

Lead and foster the growth of the business security champion program.

Conduct basic security audits.

Qualifications

Minimum of 3-4 years experience in information security and risk management.

Bachelors or Masters degree in Computer Science preferably with a focus on Cybersecurity.

Professional information security certifications such as the CISSP, CISM, or CRISC.

Strong knowledge of common information security frameworks, including CIS Top 20 Controls, ISO 27001, and NIST 800-53 Series.

Knowledge and understanding of regulatory requirements and data types including ePHI, GDPR, HIPPA, and PII.

Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to both technical and non-technical audiences.

Exhibit strong analytical skills the ability to manage multiple projects under strict timelines, as well as the ability to work in a demanding, dynamic environment to meet overall objectives.

Ability to led cross-functional, interdisciplinary teams to drive risk mitigations efforts.

#RecruitPS


Source: Dice


Area:

Requirements


Knowledges:

  • Basic

Fire sprinkler inspector - (active nicet 1/2 preferred)

We are a top Contractor leading the market in heavy civil construction on Mass Excavation projects. We are currently in the market looking to build-out our...


Virginia

Published a month ago

Senior machine learning engineer

If you are a Underwriter with your CHUMS, SAR and LAPP certs, please read on! Top Reasons to Work with Us Competitive pay, health, dental, prescription drug...


California

Published a month ago

Tax senior associate -public accounting

If you are a Federal Sales Account Executive with Enterprise Software Solutions experience, please read on! For over 10 years, we have been devoted to making...


Washington

Published a month ago

Sic technologist - remote

Software Developer needed for one of the world's largest distributors of tools and resources to enable life saving measures!! Our goal is to become the market...


Texas

Published a month ago