Security Risk Analyst

Overview

POSITION OVERVIEW

The Senior IT and Security Risk Analyst is responsible for identifying and managing IT and security risks by independently conducting IT and security risk assessments and recommending effective risk management strategies. Collaborates with cross-functional teams and stakeholders to properly calculate inherent and residual risk levels. Utilizes analytical thinking and problem-solving abilities for a deep understanding of IT infrastructure and cybersecurity principles.

DUTIES & RESPONSIBILITIES

• Works with and supports the business units and/or business departments in the facilitation of the IT Risk Management (ITRM) framework

• Leads the discussion of IT and security risks with stakeholders and business units

• Manages and participates in ITRM program activities associated with, but not limited to: tracking, completion, and reporting of IT and security risks and remediation plans, oversight of the Application Risk Profile process and remediation plans and reviewing, analyzing, and reporting on risk-related issues

• Facilitates the review and risk evaluation of new or existing information resources or technology related services

• Develops and manages the reporting of various risk and control indicators, such as inherent risk, control effectiveness, residual risk, and overall status

• Supports the development, implementation, and maintenance of risk assessment frameworks

• Preparing status reports and presentations on a timely basis

• Other ITRM duties as assigned

MINIMUM REQUIREMENTS

• Bachelor's Degree in a technology related field or business administration, accounting, finance, or related field or the equivalent combination of education and experience

• Requires 5+ years of experience in IT and security risk management (or similar field)

• Knowledge of IT and Security principles/frameworks such as COBIT, NIST CSF, Cloud Controls Matrix, CIS CSC, ITIL, ISO 27001

• GRC software experience

PREFERRED EXPERIENCE

• Security related certifications such as CISA, CISSP, CISM, CRISC, or Security+

• Experience with BWise/SAI360 GRC

• GRC power user

• Familiar with the SOC2 process and controls

• Familiar with Unified Compliance Framework and/or similar IT/Security Frameworks

• Ability to prepare presentations, status reports, process narratives and workflow diagrams

• Demonstrate ability to plan, schedule, and coordinate work, and able to maintain elevated levels of confidentiality and professionalism