Information Security Business Analyst
Location: Houston, TX
Duration: 6-7 months
Job Overview and Responsibilities:
Performing activities to support the third-party Information Security Assessment program by evaluating suppliers' security practices to determine their security posture and readiness to securely manage the client's IT assets and data entrusted to them.
Providing risk-based guidance to supplier business stakeholders to ensure transparency, comprehension, and acceptance of the risks involved in doing business with each supplier throughout the supplier lifecycle.
Working with appropriate stakeholders and suppliers to perform security risk assessments, analyzing results to determine ongoing monitoring and remediation requirements, and monitoring to ensure remediation of security gaps in a timely manner.
Supporting program maturation activities through process enhancement and data analytics.
Developing and reporting program metrics to drive leadership decision-making.
May work on one or more moderate to complex projects supporting core and ancillary functions.
Work with internal stakeholders to gather needs and requirements, create simple workflow models, process, or application maps.
Possess a bachelor's degree and a minimum of 3-4 years in an analytical role with relevant technical or business experience.
Experience in Technology, Information Security, or Technical Risk Analysis with a solid understanding of information security fundamentals, best practices, and security regulatory requirements and frameworks such as NIST, ISO, PCI, HIPAA, SOX, Data Privacy, etc.
Experience with Third-Party Suppliers/Vendors or Mobile Device Security Controls.
Ability to analyze systems and networks for a clear written determination of compliance, residual risk, and potential vulnerability mitigation strategies.
Skilled at communicating (oral/written) effectively with peer group, middle, and senior management in all areas of the enterprise.
Skilled at working successfully with cross-functional teams, soliciting requirements, conducting assessments and gap analyses, and coordinating project activities.
Ability to think critically and analytically.
Possess the ability to direct work priorities and escalate as appropriate.
Bachelor's degree in Computer Science, Information Systems, or Business Administration; however, a technical discipline is preferred.
Certifications: CBAP, CISSP, CISA, CISM or other information security certifications are a plus.
Reliable, punctual attendance is an essential function of the position.
The ideal candidate will have a good understanding of business process mapping, as well as analytical skills.