IT Risk Analyst II

About The Position

Requirements

• Knowledge of concepts and principles in information security functional areas such as cloud security, firewalls and security mediation services, identity and access management, industry standard security frameworks, security controls, and compliance frameworks.
• Strong oral, written, and interpersonal communication skills resulting in the ability to interface with managers and staff at all levels within the organization.
• Strong communication skills with all levels of the business and the ability to leverage knowledge of the appropriate approach and degree of detail for each.
• Remain up to date with emerging threats, best practices, and relevant frameworks, guidance, and legislation.
• Capable of managing varied assignments and working independently.
• Ability to define problems, collect data, establish facts, and draw valid conclusions.
• Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
• Experience with methods used in performing risk analyses and assessments and measuring cybersecurity compliance.
• Experience maintaining and updating documentation necessary for supporting security environments, including policies, standards, patterns, and reference architectures.
• Experience in working with compliance and regulatory program requirements.
• Bachelor's Degree in a related field required
• 4-6 years experience in IT security audit, architecture, engineer, risk monitoring, and/or equivalent combination of education and experience required

Nice To Haves

• CISSP – Certified Information Systems Security Professional preferred
• CISA – Certified Information Systems Auditor preferred
• CEH – Certified Ethical Hacker preferred
• CCSP – Certified Cloud Security Professional preferred
• GSEC – GIAC Security Essentials Certification preferred
• GISP – GIAC Information Security Professional preferred

Responsibilities

• Leverages technical knowledge to assist in developing and enhancing cyber and information security policies, procedures, and standards.
• Works with Enterprise Architecture to assist in developing and enhancing the information security architecture standards and IT security technology roadmaps.
• Researches and evaluates proposed new technologies and platforms to ensure the appropriate technical security controls are specified in the requirements and are in alignment with the security reference architecture and security controls framework.
• Provides security consulting on projects to ensure solutions are designed in accordance with security architecture and that security configurations are properly implemented.
• Performs technical security assessments against FIB’s existing infrastructure and products to ensure compliance with security architecture, policies, standards, procedures, and industry best practices.
• Monitors and matures the risk-based IT security metrics, scorecards, and dashboards to track cybersecurity performance and trends across the organization.
• Assists the business in identifying root causes and develops mitigation for deficiencies.
• Works with various groups during product upgrades or new product design to ensure security best practices are implemented.
• Performs technical reviews of third-party cyber and information risk.
• Researches emerging technologies in support of security enhancement and development efforts.

Benefits

• Generous Paid Time Off (PTO) in addition to paid federal holidays.
• Student debt employer repayment program.
• 401(k) retirement plan with a 6% match.