IT Security Risk Analyst GRC
Posted on Sep 19, 2019 by Request Technology - Craig Johnson
Prestigious Enterprise Company is currently seeking an IT Security Risk Analyst.
Candidate will help safeguard the organization's information through the performance of risk assessments, influence on policy and standards and contribution to security awareness. In this role your skills, experience and knowledge of information security will help the organization ensure vendors, applications and organizational changes occur within the boundaries of the organization's risk tolerance. Candidate will participate in projects and assessments as a security consultant or advisor on risk. Researches general and industry-specific security trends. Analyzes and defines security policies and information security standards. Provides detail to project teams regarding security requirements. Creates and presents risk reports, policies, results and deliverables.
Participates in projects and assessments on risk determination.
Ability to identify, quantify and communicate risk to customers with a wide variety of backgrounds (technical and business).
Solid understanding of regulations/security standards such as GLBA, PCI, HIPAA, FFIEC.
Knowledge of industry standard Risk Assessment approaches such as NIST 800-30.
Comprehensive understanding of Technical, Administrative and Physical controls to safeguard information security.
Ability to drive assessments through interviews and relationships to understand and quantify appropriate risks.
Possesses a holistic view of an Information Security Program and the role of key components to ensure protection of information.
Experience in interpreting, authoring and analysing security policies and standards.
Experience influencing and participating in building and administering security awareness in an organization.
Bachelor's degree and at least 5 years of experience in information technology OR,
Master's degree and at least 3 years of experience in information technology OR,
At least 7 years of experience in information technology.
Industry-relevant certifications such as CISSP, CRISC, CISA, CGEIT, Security+.
Effective communication skills enabling the ability to communicate complex information to various audiences both verbally and in writing.
Ability to establish trust with partners through demonstration of knowledge and commitment to security.
Understanding of the role of the Information Security Program in the securing of an organization's.
Strong knowledge and understanding of the role of technical, administrative and physical controls in securing information.
Confidence to recommend changes and improvements to the security program.
Ability to manage multiple projects and engagements simultaneously.