InfoSec Risk Mgmt Analyst - GRC (St. Louis)

About The Position

Requirements

• General knowledge of risk management methodologies.
• General knowledge of policy lifecycle processes.
• General knowledge in information security best practices and frameworks, including (but not limited to) NIST Special Publications and Cyber Security Framework, CIS Controls, ISO/IEC 27000 series, and OWASP Top 10.
• General knowledge of audit and compliance methodologies.
• General knowledge of laws and regulations related to information security and relevant to the organization, such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
• Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant information security controls.
• Communicate and present concisely and effectively based on the appropriate level of management and audience.
• Manage competing deadlines and prioritize responsibilities to effectively meet business needs.
• Work both independently and as part of a team at all levels and across departments.
• Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together.
• Demonstrate leadership and problem-solving skills.
• Demonstrate proficiency in process formulation and improvement.
• Demonstrate knowledge of legal requirements for the privacy of personal information from employees and customers.
• Strong attention to detail in documenting policies, standards, and processes.
• Either a bachelor’s degree or 2 – 4 years of experience in the InfoSec field.
• General knowledge of a wide breadth of information security areas. Deep technical knowledge is not required.
• Excellent verbal and written communication skills. Able to communicate persuasively and influence others. Able to have difficult conversations with employees who do not follow policy. Able to explain technical information to customers, vendors, senior management, and staff. Able to apply knowledge and deductive reasoning.
• Permanent U.S. work authorization.

Nice To Haves

• A Cyber Security, Information Assurance, InfoSec, or Information Technology degree is preferred.
• Security certifications are preferred.

Responsibilities

• Perform scheduled and ongoing risk assessments and analyses on various business processes, projects, initiatives, and third parties, as applicable.
• Identify and evaluate potential risks and their impact on the organization's objectives, performance, and reputation.
• Coordinate and facilitate risk management activities across different departments and stakeholders.
• Monitor and review risk indicators and metrics and report on risk exposure and performance.
• Analyze and communicate risk trends, issues, and incidents and provide recommendations for resolution.
• Collaborate with Security Operations and other teams to validate assessment findings and establish remediation plans, as well as facilitate remediation of vulnerabilities and other security findings
• Assist with educating and providing awareness related to the risk management program to relevant stakeholders.
• Ensure the rigorous application of InfoSec policies, standards, and procedures in the delivery of all WWT products and services.
• Keep up to date on the latest security threats, laws, regulations, policies, and industry best practices.

Benefits

• Health, Dental, and Vision Care
• Onsite Health Centers
• Employee Assistance Program
• Wellness program
• Competitive pay
• Profit Sharing
• 401k Plan with Company Matching
• Life and Disability Insurance
• Tuition Reimbursement
• PTO and Sick Leave (starting at 20 days per year)
• Holidays (10 per year)
• Parental Leave
• Military Leave
• Bereavement
• Nursing Mothers Benefits
• Voluntary Legal
• Pet Insurance
• Employee Discount Program