IT Risk Analyst II

Commerce Bank
Posted 4d ago · $39 - $46 · Hybrid

About The Position

The main purpose of this job is to lead and execute critical functions across Operational Security and Information Security Risk Management. This role ensures the confidentiality, integrity, and availability of enterprise systems while managing risk and compliance obligations. You will oversee security operations, risk assessments, awareness programs, and vendor security monitoring, driving measurable improvements in security posture.

Requirements

  • Intermediate knowledge of User Awareness Training systems and Phishing Simulation administration
  • Intermediate knowledge of SSO platforms (Okta, Azure AD) and vulnerability scanners
  • Intermediate knowledge of risk register administration and vendor risk management
  • Intermediate knowledge of Windows and Linux workstations, Windows and Linux servers, and associated administration
  • Strong reporting skills; ability to influence stakeholders and drive remediation commitments
  • Project management skills and the ability to work within Information Security project implementations
  • Motivated and organized self-starter with strong attention to detail and the ability to manage multiple priorities
  • Inquisitive, agile and strong team player with excellent written, verbal and interpersonal communication skills
  • Ability to remain adaptable and resilient in all situations, with an optimistic outlook, and to cast a positive shadow that is aligned with our culture and Core Values
  • Intermediate level proficiency with Microsoft Word, Excel and Outlook
  • Bachelor’s degree in information systems, computer science or equivalent combination of education and experience required
  • 3+ years in Information Security, with exposure to both operational security and risk management required
  • Must be eligible to work in the US without sponsorship now or in the future

Nice To Haves

  • 3+ years' experience conducting contract reviews and assessing the associated risk and compliance preferred
  • Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), ISO 27001 Lead Auditor, or equivalent certifications preferred

Responsibilities

  • Manage and maintain secure SSO integrations across enterprise applications
  • Investigate and resolve incidents related to brand impersonation, credential leaks, and external threats
  • Plan and execute phishing simulations; track and report user performance metrics
  • Document and summarize security incidents for executive and audit reporting
  • Compile and present key security metrics (MTTD, MTTR, vulnerability SLAs, awareness KPIs)
  • Schedule and manage penetration testing engagements; track remediation efforts
  • Oversee social engineering testing and ensure findings are addressed
  • Conduct security risk assessments for new contracts and vendors; ensure compliance with standards
  • Assign and review risk assessments for new applications prior to deployment
  • Maintain risk register; secure commitment dates for vulnerability remediation and track progress
  • Continuously monitor third-party service providers for compliance and security posture
  • Develop and deliver training programs to improve security culture
  • Analyze annual report findings and align internal controls to industry benchmarks
  • Perform other duties as assigned

Benefits

  • employer sponsored health, dental, and vision insurance
  • 401(k)
  • life insurance
  • paid vacation
  • paid personal time
  • career development
  • education assistance
  • voluntary supplemental benefits
© 2024 Teal Labs, Inc