Vacancy expired!
Sr. Information Security Risk Analyst - Long-term project
Please send resumes to
Project Overview:
- The Senior Information Security Risk Analyst will take a leading role in independently managing identified security risks to the organization.
- They will operate the company risk management program, evaluate security risks and provide guidance on appropriate risk mitigation activities with minimal oversight.
- The Analyst will proactively build and maintain relationships with business and technical stakeholders by acting as a trusted advisor for security risk inquiries and concerns.
- Identify, assess, and track remediation of potential information security risks to the company and its operations
- Collaborate with business and technical representatives to identify and evaluate mitigating factors and remediation plans for addressing security risks to the organization
- Design, implement and drive information security risk management processes using company tools and technologies
- Build and maintain internal relationships to ensure alignment and partnership with key stakeholders globally.
- Support development and maintenance of the company-wide information security risk register
- Prepare and present reporting to senior GICS leadership on security issues and developing security risks to the organization
- Act as a point of contact for information security risk and compliance inquiries
- Lead scheduled and ad-hoc information security risk assessments of company initiatives, products, and departments against corporate policies and security best practices
- Provide subject matter expertise on the design and implementation of technical security controls to address known risks and noncompliance
- Bachelor's degree or above required, ideally in Information Systems, Cyber Security, or a related discipline
- 5 or more years of experience in designing, implementing, and assessing information security and compliance programs required
- Ability to build and maintain relationships with a diverse range of stakeholders globally required
- Ability to clearly and concisely communicate technical security topics to non-technical audiences and senior executives required
- Ability to associate technical security issues to business objectives and operational impacts required
- Ability to evaluate design effectiveness of technical security controls required
- Familiarity with common Information Security frameworks and Regulatory standards such as NIST, ISO 27001, SOX, SOC 2 reporting, PCI, HIPAA or FAIR required
- Familiarity with secure development principles for operating systems, databases, applications and network infrastructure required
- Familiarity with vendor security assessment techniques preferred
- Familiarity with vulnerability management techniques preferred
- Familiarity with secure cloud configuration principles for AWS, Azure or Google Cloud environments preferred
- Familiarity with common Privacy regulations such as GDPR and CCPA preferred
- Familiarity with implementing and utilizing GRC tools an advantage
- Familiarity with secure application development practices an advantage
- Familiarity with common encryption technologies an advantage
- Familiarity with firewall technologies such as Palo Alto an advantage
- Familiarity with production and broadcast environments an advantage
- Achievement of one or more industry-relevant security certifications such as CISSP, CISM or CRISC an advantage