IT SECURITY RISK ANALYST

$93,600 - $114,400/Yr

ASGN - Palm Beach, FL

posted 2 months ago

Full-time
Remote - Palm Beach, FL
Administrative and Support Services

About the position

The IT Security Risk Analyst will play a crucial role in conducting cybersecurity risk assessments for third-party service providers. This position is primarily focused on evaluating and reporting on the security posture of vendors, ensuring that they meet the organization's risk management standards. The analyst will be responsible for performing thorough assessments that identify and validate potential threats, as well as recommending remediation strategies to mitigate risks. The role requires strong written and verbal communication skills, as the analyst will need to articulate findings and recommendations to high-level executives and collaborate with third-party vendors.

In this position, the analyst will conduct interviews with vendors and business units, walk through vendor controls, and document the results of assessments. They will measure these assessments against key controls and industry security standards such as PCI-DSS, HIPAA, and ISO27001:13. The ability to create professionally written assessments that include findings, requirements, and actionable recommendations is essential. The analyst will also be expected to submit these findings to business partners and develop trusted relationships with various stakeholders, including Supply Chain Sourcing and other team members, to gain consensus on strategies and project plans.

The role is designed for individuals with a solid background in IT security and risk assessments, and while many responsibilities can be taught, the hiring manager emphasizes the need for candidates to have prior experience in these areas. The position is remote with one onsite requirement per quarter, making it essential for the analyst to be adaptable and capable of working in a fast-paced environment.

Responsibilities

  • Perform cybersecurity risk assessments of Suppliers and Third-Parties (vendors) to identify & validate threats, and remediate risks.
  • Conduct interviews with vendors and business units, walk through vendor controls, and document assessments.
  • Measure assessments against key controls and industry security standards, i.e., PCI-DSS, HIPAA, ISO27001:13, SSAE18-SOC2 Type2, etc.
  • Create professionally written assessments that include findings, requirements, and recommendations to mitigate risk and provide visibility into adherence to policies and procedures.
  • Submit assessment findings, requirements, and recommendations to business partners.
  • Develop trusted relationships with business partners, Supply Chain Sourcing, and other team members to gain consensus approvals on strategies, recommendations, findings, and project plans.

Requirements

  • Experience in IT Risk Assessments.
  • Strong IT background with knowledge of cybersecurity principles.
  • Understanding of emerging technologies, including mobile and cloud technology (PaaS, SaaS).
  • Analytical/critical thinking and problem-solving skills.
  • Basic understanding of information technology, network security, encryption, and incident management.
  • Experience with Risk Management Platforms such as Galvanize / Archer.
  • Knowledge of NIST Cybersecurity Framework and its application in managing and reducing cybersecurity risk.
  • Ability to keep up with a complex, high volume, and fast-paced assessment environment.
  • Understanding of vendor questionnaires and responses, e.g., SIG, CAIQ.
  • Knowledge of technology industry best practices and standards, e.g., NIST, PCI-DSS, ISO, CSA, etc.
  • Ability to articulate technical concepts in written and verbal form.

Nice-to-haves

  • Experience with GRC tools.
  • Knowledge of IT Controls, SOC 1 or 2 report, and auditing.