Analyst, Information Security Risk

The Clearing House
Raleigh, NC
Hybrid

About The Position

The Technology and Information Security Risk Management (TISRM) group is looking for an Information Security Risk Analyst as a direct report to the Director of Information Security Risk Management. In this role, the candidate will be responsible for assessing information security risks across the organization. The individual will perform risk assessments and enhance the continuous Information Security risk monitoring program.

Requirements

  • Bachelor’s degree in risk management, business administration, management information system, mathematics, finance, economics, or a related area.
  • 2-3 years of experience performing risk assessments, e.g., RCSA.
  • Ability and eagerness to understand (at a high level) existing and emerging technologies, and to work with technical teams in a liaison-like capacity.
  • Ability to understand management objectives, risk appetite, tolerances, and impact of changes to risk profiles.
  • Maintain current knowledge of new regulations and emerging industry risks and report potential and/or actual enterprise impact to management.

Nice To Haves

  • Familiarity with IT governance and controls, including governance and control frameworks, such as COBIT, ITIL, FFIEC, COSO or equivalent is a plus, but not required.
  • Extremely strong analytical and problem-solving skills.
  • Ability to work with all levels within the organization.
  • Ability to work independently and proactively.
  • Collaborative, innovative, resourceful, results oriented, with appropriate judgment.

Responsibilities

  • Perform information security risk assessments across the organization to ensure information security risks are identified, assessed, quantified, appropriately mitigated and managed through the lifecycle of the product and/or service.
  • Draft reports which include information security metrics (KRI/KPI), program status, information security risk profile(s), risk acceptances and other information to provide a holistic picture of Information Security Risk of the organization.
  • Perform periodic/ad-hoc reviews/testing to determine if information security controls are operating effectively.
  • Escalate issues to appropriate levels within the organization.
  • Stay current in technology specific information security risk management techniques, industry best practices, and regulatory requirements, as well as specific areas of information security risk.
  • Perform Information Security risk assessments of technology-enabled projects; activities include vendor reviews, security requirement definition, and facilitation of security testing and management of residual risk.
  • Perform vendor security risk assessment activities that include evaluation of vendor controls and practices, process enhancements, performing on-site assessments, reviewing security test reports, and analyzing and developing security requirements.