Home

CYBER SECURITY RISK ANALYST at Remote, Remote, USA
Email: [email protected]
From:

Badal kanojia,

stellentit

[email protected]

Reply to:   [email protected]

CYBER RISK ANALYST

Deerfield Bch, Florida

Phone+Skype

Job Description:

Conduct Third-Party Risk assessments and manage Infosec Third-Party Risk Management (TPRM) program.

Communicates risk assessment findings to information security "customers, or business partners.

Provides consultative advice to information security customers that enables them to make informed risk management decisions.

Maintain risk management initiatives in GRC/TPRM platform(s).

In-depth knowledge of information security management system standards (e. g. SOC 2), frameworks, information technology regulatory and compliance requirements (e. g., PCI-DSS, GDPR, CCPA, HIPAA,), and industry best practices, particularly around TPRM.

Performs focused risks assessments of existing or new services and technologies.

Identifies and implements appropriate controls to effectively manage information risks as needed.

Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.

Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.

Work closely with Information Security Architecture, Engineering, and relevant operational teams to gather data and insights leading to holistic risk security awareness.

Conduct periodic internal assessments for security risk.

Conduct ongoing research to keep current of latest security issues, threats, and technical capabilities.

Perform other essential duties as assigned.

Desired Skills

Working knowledge of Third-Party Risk Management (TPRM) program tools, such as ProcessUnity/Prevalent.

An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.

Knowledge of security and privacy frameworks (e.g., NIST CSF, 800-53, CIS CSC, COBIT, CCPA, HIPAA, ISO 27001/2).

Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.

Qualifications/Requirements

8+ years of experience within large scale information security risk management programs.

8+ years of Information Technology and/or Information Security experience.

Strong grasp of key elements for a successful Risk Management Program and related frameworks or standards (e. g. NIST, ISO, COBIT), particularly as it relates to running a Third-Party Risk Management (TPRM) program.

Demonstrated knowledge of a broad range of technical concepts: logical access control, agile development process/DevSecOps, secure coding principles, security architecture frameworks and methods, information security, network security, and privacy.

Experience with interpreting results of scanning and compliance tools such as Qualys/Nessus/Rapid7/Laceworks as it pertains to documenting information security risk(s).

Strong organizational skills with ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem as a team-player with a can-do attitude.

Excellent written and verbal communication skills and ability to interface with all levels of business and executive leadership.

Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude.

Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism.

Demonstrated ability to troubleshoot complex problems and recommend appropriate actions.

License / Certificate (any of the following a plus):

CISSP, CISM, CIPP, GIAC, CRISC, CISA

Keywords: information technology
[email protected]
View all
Wed Dec 06 20:44:00 UTC 2023

To remove this job post send "job_kill 913784" as subject from [email protected] to [email protected]. Do not write anything extra in the subject line as this is a automatic system which will not work otherwise.


Your reply to [email protected] -
To       

Subject   
Message -

Your email id:

Captcha Image:
Captcha Code:


Pages not loading, taking too much time to load, server timeout or unavailable, or any other issues please contact admin at [email protected]
Time Taken: 0

Location: ,