
Risk Analyst - Plano, TX #4550388


Company: Rose International INC

Date: 02/13/2018

Category: Insurance

City: Plano, TX

Position Title: Risk Analyst


Position Number: 276324


Location: Plano, TX


Desired Skill Set:


CISA, CISSP, SOX


Position Description:


Only U.S. Citizens and those authorized to work in the U.S. can be considered as W2 candidates.


Job title: Information Security Risk Analyst


Location: Plano, TX


Duration: 12+ months


Description:


Our client’s Information Security Risk & Policy Governance is the practice of assuring information and managing risks. This group supports security risk management, including third-party risk, certification and metrics, audits and assessments, as well as policy governance and exception management.


Their Information Security Team is looking for a contingent resource to work on multiple efforts within the department.


Responsibilities:


Develop and aid in implementing a risk management framework for security. Support and help mature the security risk management program on an ongoing basis. Should be familiar with general governance, risk and compliance (GRC) programs with specific knowledge of vendor risk and policy management.


Perform third-party and application risk reviews, including initial risk, ongoing residual risk, and attestation campaigns.


Gather and analyze metrics and key risk indicators, and maintain scorecards defined within the area of information security to ensure our information security program is performing effectively and efficiently. Should be familiar with general security risk management principles and best practices.


Support the information security audit and third-party assessment initiatives during planning, execution, and remediation phases, as well as coordinating and tracking remediation activities. Be able to work as a liaison between the audit/assessment teams and Information Security management. Assist with evaluation and testing as well as work with the applicable teams to track, address, and remediate audit and assessment findings to closure.


Manage policy exceptions with Business Unit requestors and coordinate the annual exception review process. Requires working directly with various teams to document exceptions, identify compensating controls, and remediation action plans accordingly. Provide process improvement suggestions for more effective management and review of exceptions.


Support and help maintain risk appetite frameworks focused on security and business continuity risks. Additionally, support and maintain other general regulatory risk assurance program functions.


Support, where needed, regular IT general controls (ITGC) activity reviews. Activity reviews require general knowledge in the areas of IT management, acquisition and maintenance of systems, system operations and information security control activity.


Coordinate the selection and timing execution of external penetration testing for security.


Key Objectives:


Provide proven expertise and knowledge in Governance, Risk and Compliance (GRC), internal and external audit and assessment support and Information Security assurance initiatives.


Meet or exceed in providing an advisory and/or support role for the items listed in the summary of responsibilities above.


This role will support what are considered core functions of the Information Security team.


Must Haves:


BS or BA degree in a related field or equivalent work experience


Minimum 5 years in information security, IT compliance, or security/IT risk related field


Strong oral and written communication, as well as good interpersonal skills


Knowledge and experience in standard security and regulatory frameworks including ISO 27001/31000, NIST, GLBA, SOX, FFIEC and PCI.


Possess the ability to solve a wide range of complex problems, requiring ingenuity and innovation


Preferred/Nice-to-haves:


Experience using GRC platform


Current Certified Information Systems Security Professional CISSP certification (or similar security profession certificate)


Current Certified Information Systems Auditor CISA certification (or similar)



Rose International is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, arrest and conviction records, or any other characteristic protected by law. Positions located in San Francisco, California will be administered in accordance with the Fair Chance Ordinance.

