The IT Security & Risk Analyst will support the Information Security Governance and Compliance function, ensuring the firm is able to address rapidly changing threats, technologies, and business conditions.
Reporting to: Manager, IT Security & Risk
Duties and Responsibilities:
Conduct and manage internal risk reviews of new or existing infrastructure and applications
Conduct and manage third-party risk assessments
Assist with client assessments and ongoing compliance
Follow-up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal/external audits to ensure that appropriate remediation measures have been taken.
Collaborate with control owners and key stakeholders to meet outside counsel guidelines or contractual requirements around information security standards
Produce metrics and dashboards to monitor the completion of control objectives and track deficiencies or gaps in program requirements
Provide consulting to internal projects and efforts on security requirements and potential risks
Propose changes to existing policies, standards, and procedures to minimize risk and ensure compliance with client and applicable regulatory requirements
Assist with security awareness initiatives
Maintain an up-to-date understanding of industry best practices, and monitor the legal and regulatory environment for developments that could require changes to established policies, standards, and practices
Bachelor’s degree or four or more years of work experience.
Two or more years of relevant work experience.
Experience in Information Security, Technology, IT Operations, or Security Risk Management.
Effective interpersonal skills and the ability to thrive in a team environment.
Bachelor’s degree in Information Systems, Technology or related field.
Any of the following Certifications: CRISC, PMP, CISSP, CISM.
Knowledge of emerging technology and the security governance implications.
Demonstrated understanding of security risk management concepts, cybersecurity frameworks, control standards, secure coding principles, and security technologies.
Knowledge of information security fundamentals, best practices and industry standards with prior responsibilities of protecting information assets.
Knowledge of laws, regulations, and requirements related to Information Security (e.g. HIPAA, GDPR, Payment Card Industry, Domestic and International Privacy regulations).
Ability to balance various projects simultaneously.
Excellent written and verbal communication skills.
Excellent documentation and organizational skills.