Security Risk & Resilience Analyst

Icma-Rc Washington, DC 20319

Posted 2 weeks ago

Join a great place to work with MissionSquare Retirement, a financial services leader in public sector employee retirement products and services. Headquartered in Washington, DC, MissionSquare Retirement was founded to provide portable retirement benefits for city and county managers, enabling accumulated retirement assets to be transferred between employers. Today, MissionSquare Retirement serves more than 1.5 million participant accounts and more than 9,000 retirement plans across the country. We have an extraordinary talent base and invite you to consider joining MissionSquare Retirement's Technology team.

The Security Risk & Resilience Analyst will work with the Director, Cyber Security Risk, to serve on a risk team responsible for reviewing and documenting where security and technology controls are adequate, as well as areas requiring improvement. As a joint role, the Security and Resilience Analyst will also evaluate the existing business continuity and disaster recovery strategy to identify any weaknesses or shortcomings in the company's Disaster Recovery strategies and make recommendations to improve and strengthen the controls.

Essential Functions for this role include:

  • Assist with administration of disaster recovery (DR) plans for all divisions/departments to ensure that they are updated as appropriate and meet the mandatory requirements utilizing the Business Continuity Planning system used across the company to build and maintain the corporation's business continuity plans in a uniform format.

  • Assist in coordination of corporate DR exercise and conduct the yearly DR desktop simulation exercise with the Incident Management Team.

  • Assist with the ongoing review of new projects, ensuring resiliency is included in design, development, and execution phases.

  • Draft/update DR policies and procedures as necessary in conjunction with Sr. Manager, Business Continuity

  • Participate in reviews by Internal Audit, external audits, and Compliance, and ensure that any comments are addressed in a timely fashion.

  • Assist with documentation of technical disaster recovery infrastructures, strategies, and standards.

  • Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation. Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks, and technical controls.

  • Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency, and compliance frameworks. In tandem with security leadership, the analyst consistently assesses and validates the assurance of the security program.

  • Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.

  • Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Analyze findings, and document, recommend and report program gaps to security leadership.

  • Define metrics to assess the success of the security and associated continuity elements of the program and provide regular reports to security and business leadership.

  • Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.

  • Administration and/or familiarity with network and host configurations, application security, cloud services, third-party risk management, and role-based access.

  • Other duties as assigned.

If you have the following skills, we encourage you to apply:

  • BA/BS or equivalent experience

  • 1 to 3 years' experience in either Cyber Risk Management, Security Analyst role, and Disaster Recovery, and related activities, preferably for a financial services corporation.

  • Ability to work in a fast-paced environment.

  • Experience in one or more of the following: NIST, ISO 27001/2, or ITIL.

  • Additional experience in and understanding of one or more of various regulatory requirements and laws, including but not limited to SOX, HIPAA, PCI, GDPR, and GLBA.

  • Knowledge of industry Business Continuity Planning (BCP) standards, information security practices, and experience in implementing multiple risk mitigation approaches

  • Experience with DR in a hybrid data center and cloud-based environment

  • Strong understanding of disaster recovery and information security

  • Experience in evaluating third-party cyber security and vendor management

  • Experience in risk management and control frameworks

  • Strong computer skills, particularly Microsoft Excel, Word and PowerPoint

  • Strong verbal and written communication capabilities

  • Experience in leading successful negotiations with technology teams to achieve RTO/RPO requirements

  • Organized, motivated, self-starter

  • Experience in analysis of security controls

  • Any Security Certification (Example: Security+ or CISSP), and/or professional certification from the Disaster Recovery Institute International (DRII) or The Business Continuity Institute (BCI) (e.g., Certified Business Continuity Professional - CBCP) and/or related certifications.

  • Cloud certification in either Azure or AWS.

To benefit your career and support your wellbeing, we offer:

  • Competitive Total Rewards (compensation and benefits) package, including 401(k) Plan with matching contributions

  • Varied incentive plans

  • Flexible/Hybrid work schedules

  • Wellness programs

  • Tuition reimbursement

  • Professional and career development courses

  • Mentoring programs

  • Volunteerism program

As a company, MissionSquare Retirement is an Equal Opportunity Employer. We strive to create an environment that reflects the value and diversity of our employees and fosters respect among them. We believe that talent from diverse backgrounds will further enhance our ability, and mission, to serve those who serve their communities.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, or any other protected classifications under any applicable law.

