Security risk analyst - #9677047

DPP is seeking a Security Risk Analyst for an opportunity in Columbia, SC. This role requires the ability to earn a low-level security clearance. Work Arrangements

• Partially onsite, 1 day a week onsite, but could also be required to come in more for important meetings, etc.
• W2 position; 12 months.
• US Citizen.

Summary:

• Management of risk management activities: Process, monitor, and report on security/compliance risk items.
• Conduct research and assessments on security related topics (policy, third-party, security processes).
• Facilitate meetings and conduct presentations with different levels of management.
• The ideal candidate is comfortable with a variety of frameworks, not just one; and has experience with managing different security frameworks. Examples include:
  • NIST Cyber Security Framework experience.
  • MARS-E 2.0 (Minimum Acceptable Risk Standards for Exchanges) experience.
  • NIST SP 800-53 control interpretation and implementation experience.
  • CMMS Acceptable Risk Safeguards experience.

Top skills:

• Microsoft Excel, Word, PowerPoint, and SharePoint (intermediate)

Preferred skills:

• Auditing
• Microsoft Visio
• RSA Archer
• Service Now (intermediate)

Minimum required work experience:

• 6 years of IT experience including 4 years of IT security, risk assessment and/or compliance experience.
• Successful completion of the client’s I/S Entry Level Training Program (ELTP) may be substituted for 2 years of IT experience

Job/class description:

• Plan and perform compliance and risk assessment activities for information systems and related processes. Communicate and escalate compliance and risk issues to the appropriate department and/or level of management. Act as a change agent to influence the I/S and corporate compliance culture.
• Independently monitor remediation of new and outstanding issues, including Information Security Risk Exception process, to ensure identification of areas of non-compliance. Utilize tools to track and report on compliance posture.
• Independently conduct formal risk analysis and self-assessments to determine effectiveness of controls and ensure creation of action plans to remediate identified risks.
• Facilitate development, implementation and documentation of Information Security policies, procedures, processes, and programs to guide organization toward continuous compliance. Independently analyze and interpret security regulations and controls to advise on security compliance at a broad perspective across multiple business areas. Consult on organizational impacts of compliance and risk management decisions.
• Serve as an interface with external entities for governance and compliance reviews regarding information security risk across multiple business areas and controls.
• Independently investigate, document, and resolve Information Security Incidents. Advise senior management of critical issues that may affect organization.
• Research emerging security topics, threats, and capabilities to create/update policy and governance. Promote organizational security awareness by developing security training, Security Council bulletins, security policies, standards, and best practices.

Required knowledge, skills, and abilities:

• Good understanding of Systems Development Life Cycle methodologies.
• Subject Matter Expert in government or private risk frameworks and control implementations.
• Good understanding of risk management, information system security and compliance standards.
• Excellent analytical and decision-making skills.
• Proven ability to interpret and apply knowledge of regulatory/accreditation requirements.
• Ability to independently solve problems often spanning multiple environments and business areas.
• Ability to effect change and bring security, risk, and compliance knowledge to the organization using positive influence.
• Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets, and communication protocols.
• Strong communication skills in presenting results both verbally and in writing.
• Possess excellent collaboration skills with a wide variety of internal matrix and management staff.
• Standard office equipment.
• Good communication skills in presenting to customers and senior management both verbally and in writing.
• Flexible in adapting to change or developing new security strategies/processes.
• Facilitate collaboration with others in solving problems and providing recommendations.

Work environment:

• This is a small team that works with many teams across the company. They currently oversee multiple strategies, such as Enterprise Risk Management and Third-Party Risk Management. They support over 20 lines of business under the Client umbrella. Manage Corporate Security Framework (Corporate Security Policies). The team conducts risk assessments periodically and present results to senior management. They also conduct research and analysis on security/compliance related topics.
• Fast paced, multi-platformed environment which may require action and response 24X7 to support the technical business needs of the customer.

Required education/equivalencies:

• Bachelor’s degree in Computer Science, Information Technology, or other job-related degree;
• OR, Associate’s degree in CS, IT, or other job-related degree plus 2 years of work-related experience;
• OR, 4 years job-related work experience (total 10 years without a degree)

Interested? Learn more:Click the apply button or contact our recruiter Lori at *************@dppit.com to learn more about this position (#23-00648). DPP offers a range of compensation and benefits packages to our employees and their eligible dependents. Call today to learn more about working with DPP. US Citizenship: This role requires the ability to obtain a low-level security clearance. EOE/AA/V/D