Security Risk Analyst

Company: Fidelity National Financial
Location: Jacksonville, FL
Posted: April 25, 2024

Description:

Overview:

POSITION OVERVIEW

The Senior IT and Security Risk Analyst is responsible for identifying and managing IT and security risks by independently conducting IT and security risk assessments and recommending effective risk management strategies. Collaborates with cross-functional teams and stakeholders to properly calculate inherent and residual risk levels. Utilizes analytical thinking and problem-solving abilities for a deep understanding of IT infrastructure and cybersecurity principles.

DUTIES & RESPONSIBILITIES

Works with and supports the business units and/or business departments in the facilitation of the IT Risk Management (ITRM) framework

Leads the discussion of IT and security risks with stakeholders and business units

Manages and participates in ITRM program activities associated with, but not limited to: tracking, completion, and reporting of IT and security risks and remediation plans; oversight of the Application Risk Profile process and remediation plans; and reviewing, analyzing, and reporting on risk-related issues

Facilitates the review and risk evaluation of new or existing information resources or technology-related services

Develops and manages the reporting of various risk and control indicators, such as inherent risk, control effectiveness, residual risk, and overall status

Supports the development, implementation, and maintenance of risk assessment frameworks

Prepares status reports and presentations on a timely basis

Other ITRM duties as assigned

MINIMUM REQUIREMENTS

Bachelor’s Degree in a technology-related field or business administration, accounting, finance, or related field, or the equivalent combination of education and experience

Requires 5+ years of experience in IT and security risk management (or similar field)

Knowledge of IT and Security principles/frameworks such as COBIT, NIST CSF, Cloud Controls Matrix, CIS CSC, ITIL, ISO 27001

GRC software experience

PREFERRED EXPERIENCE

Security-related certifications such as CISA, CISSP, CISM, CRISC, or Security+

Experience with BWise/SAI360 GRC

GRC power user

Familiar with the SOC2 process and controls

Familiar with Unified Compliance Framework and/or similar IT/Security Frameworks

Ability to prepare presentations, status reports, process narratives and workflow diagrams

Demonstrated ability to plan, schedule, and coordinate work, and to maintain elevated levels of confidentiality and professionalism

Permanent
