Sr Cyber Risk Analyst
Posted on Nov 21, 2018 by Under Armour
Under Armour is looking for a Cyber Risk Analyst to help Protect This House. This individual will work in the growing Global Information and Cyber Security team in helping expand the cyber risk department.
The main objective is to perform risk identification, assessments, control monitoring, and variance reporting. This individual will ensure the security's teams eyes are on the prize and focused.
The scope is global, and includes vendor, project, systems, networks, digital space, and architectures.
ESSENTIAL DUTIES & RESPONSIBILITIES
- Protect What Matters:
- Assist in identifying information assets, business processes, systems, and architectures which are important to the organization.
- General Risk Assessments:
- Complete risk assessments of information assets, business processes, systems, and architectures to ensure the adequate controls are met in a continuous lifecycle;
- Assist Cyber Security team in meeting maturity benchmarks as determined by leadership.
- Third Party Risk Management:
- Perform third party risk assessments and develop guidance that addresses gaps; and
- Assist with adherence to vendor management, risk, and information security policies, standards, and procedures.
- Privacy / Security Assessments:
- Perform assessments in coordination with Under Armour's privacy department to ensure adequate controls are being met.
- Cyber Security Architecture:
- Be an active participant in project requirements and design phases to ensure cyber security controls are built in based on classification of data being used.
- Ability to effectively communicate risks via verbal, scorecards, profiles, and other methods to information security teammates and leadership.
Knowledge of cyber and risk management concepts, including:
- Understanding how cyber impacts business objectives;
- Network, software, infrastructure, cloud architectures;
- Ability to understand business and technical risk implications;
- Knowledge of cyber threat vectors, both generally and sector-specific; and
- Knowledge of current cyber threat trends and approaches.
Competent in industry standards & regulations such as:
- NIST Special Publication 800-53 (rev. 4, and draft rev. 5);
- NIST Cyber Security Framework;
- Factor Analysis of Information Risk (FAIR);and International security & privacy regulations in regions such as in LATAM, APAC, EU (GDPR).
- 5 years experience in the cyber security community
- Experience in other IT domains a plus i.e. network, system administration, cloud infrastructures, etc.
- Experience in cyber risk management
- Experience in information governance
- Knowledge of a GRC tool (preferable ServiceNow)
EDUCATION AND/OR EXPERIENCE:
- 5 years experience in the cyber security community;
- 3 years experience in cyber risk; and
- Able to obtain a CISSP or other industry certification within one year.
At Under Armour, we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. Under Armour believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.
Morgan Stanley USA
Morgan Stanley USA