One of Infonet's premier clients has an opening for an Information Security Risk Analyst. (7748)
SCOPE OF WORK
• Assist with the evaluation of risk involving third party vendors and internal systems/applications
• Manage an automated, auditable, repeatable, and demonstrable program to manage information security risk to information assets
• This position assesses the risk of third-party vendors and internal applications/systems using structured interview processes, questionnaires, and review of security, compliance, and data protection documentation
• Assist in the execution of our risk management methodology that informs management of risks across the globe
• Assist with the IS risk assessment program's assessments, remediation, and risk treatment processes
• Assist with improving IS risk management processes based on changing requirements
• Update organizational IS risk management policies
• Analyze third party vendor and internal application/system controls, documentation, and settings to identify information security risks
• Identify security issues and their potential impact on customer operations
• Ensure potential information security and regulatory compliance risks (such as Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI-DSS), etc.) associated with systems and applications are examined thoroughly, documented, communicated, treated, and monitored
• Collaborate with business sponsors, technology departments, and third parties to communicate requirements, initiate, conduct, and complete risk assessments in a timely manner
• Interact and collaborate with key personnel in various departments including, but not limited to, Procurement, technology departments, Legal, Crisis Management, Compliance and Ethics, Human Resources, Internal Audit, etc.
• Assist in developing and onboarding IS risk assessment tools, templates, and associated processes to provide transparent reporting on activities and portfolio management
• Assist with the policy exception program and with policy and standards related to information security risk management
• Learn risk management best practices with fitment to business and operational model
• Review and analyze security contract language to align with information security policy
REQUIRED SKILLS / EXPERIENCE
• 1-3 years of Information Security experience
• 1-3 years of Information Technology experience
• Demonstrated experience in performing audit / compliance assessments
• Experience with internal project consulting to provide compliance and security requirements and guidance
• Experience with SOX, PCI-DSS, Global Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and other regulatory compliance requirements and controls
• Expert with the Microsoft Office suite of applications; able to convert raw technology metrics into meaningful reports for managers
• Practiced at creating purposeful metrics and KRIs/KPIs that convey risk messages and identify areas for improvement that are actionable by executive teams
PREFERRED SKILLS / EXPERIENCE
• Knowledge of Information Security frameworks such as NIST, ISO, FISMA, etc.
• Knowledge of global privacy laws, regulations, and guidelines
• Bachelor’s degree in IT / IS, Computer Science, or related discipline
• Non-technical degrees with Computer Science fundamentals will be considered combined with technology experience
• At least one Information Security certification such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), etc.
• Travel required: yes, up to 20% local travel to meet with internal and/or external business partners
• Up to 10% international travel to internal offices and/or ships
** No 3rd party vendors ** Unable to sponsor H1-B visas **
Please refer to position: 050622ISRA - Information Security Risk Analyst: $50/hr in the subject line of all correspondence.
Please select the "Apply Now" button. We look forward to reviewing your resume and speaking with you personally.