Gov Risk & IT Compl Analyst II

About the position

This position coordinates activities for the creation, implementation, and execution of strategies and programs designed to reduce and mitigate information security risk across the enterprise. The role supports enterprise-wide information security and assurance function, ensuring that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately in accordance with organization policies, standards, and processes in accordance with business needs.

Responsibilities

• Identify risks through a practical but comprehensive evaluation process.
• Assist in the implementation of a proactive approach to risk management.
• Analyze, enforce, and report on governance, risk, and compliance in alignment with applicable industry frameworks, policies, standards, and processes.
• Conduct, analyze, and improve vulnerability scanning across the enterprise.
• Provide assessment reports and metrics outlining the overall cybersecurity posture within the organization, recommending viable remediation actions and milestones.
• Assist in engagements involving Operational Risk and ERM, emphasizing assisting businesses with the assessment and improvement of their risk management processes and program.
• Support vision, leadership, planning, project coordination and management for the development of a cost-effective department while concurrently facilitating efficient operations to meet current and future business needs within the organization.
• Participate in the development of programs as a strategic partner that supports the company plan.
• Conduct business unit self-assessments and reporting package development.
• Support establishing consistent policies and standards across the enterprise to enforce ownership and accountability.
• Leverage technology to aggregate controls, risk, and compliance information to rapidly identify and report exceptions.
• Validate the efficacy, sustainability, and implementation of existing controls.
• Promote and raise awareness of cybersecurity programs and posture, driving change and influencing proper cybersecurity hygiene within the organization.
• Communicate technological and cybersecurity concerns to relevant business entities.
• Maintain in-depth awareness of current cybersecurity trends and technology.
• Create, disseminate, and/or amend procedural and technical documentation on an as-needed basis.
• Represent the company in community and industry programs and conferences.
• Balance workload to optimize the effectiveness of the department.

Requirements

• Bachelor’s degree in computer science or related field required.
• 5 years of experience in information risk, security, and governance, transforming functions and changing culture.
• Experience with responding to incidents, crises, and investigations with sensitivity, tenacity, and a focus on detail.
• Extensive experience in information security architecture, process management, and strategic planning.
• Experience with classified networks, information classification, and confidentiality requirements associated with high security environments desired.
• Certification or progress toward certification is required.

Nice-to-haves

• HITRUST experience preferred.
• Basic understanding of cybersecurity frameworks along with the hardware and software they are designed to protect.
• Knowledge of technological trends and developments in information security and risk management.
• Knowledge of information security and risk control frameworks as well as business continuity and IT disaster recovery frameworks.

Benefits

• Continuous learning, as defined by the Company’s learning philosophy, is required.