IT Security Risk Analyst

Apex is looking to fill an IT Security Risk Analyst position with a large client of ours in the Fort Lauderdale, FL area. The hiring manager is looking to do one and done interviews for qualified candidates with IT Security knowledge and Risk Assessment experience. If you feel like the below position is a good fit please apply directly.

Position: IT Security Risk Analyst

Length: 1-2-Year Contract – Potential for conversion

Rate: $45-55/hr on W2 – Potentially higher for the right candidate

Location: Fort Lauderdale, FL

**A lot of these responsibilities can be taught but the hiring manager needs someone with strong experience in IT security risk assessments. The most important part is having experience with writing risk assessments reports and strong communication. **

Summary:

Responsible for conducting Cyber Security risk assessments for third-party service providers. This person will be more focused on writing reports for high level executives. The hiring manager is looking for someone who has excellent written and verbal communication.

Must Haves:

Experience conducting IT Security Risk Assessments

Technical background to speak to vendors

Strong verbal and written communication

Nice to Haves:

Any GRC tool – ServiceNow, Archer, etc

Principal Responsibilities:

· Perform cybersecurity risk assessments of Suppliers and Third-Parties (vendors) to identify & validate threats, and remediate risks.

· Perform interviews with vendors and business units, walkthrough vendor controls, document assessments.

· Measure assessments against key controls and industry security standards, i.e., PCI-DSS, HIPAA, ISO27001:13, SSAE18-SOC2 Type2, etc.

· Create professionally written assessments that include findings, requirements, and recommendations to mitigate risk and provide visibility into the adherence to policies and procedures.

· Submit assessment findings, requirements, and recommendations to business partners.

· Develop trusted relationships with business partners, Supply Chain Sourcing and, other team members to gain consensus approvals on strategies, recommendations, findings and, project plans.

Experience:

· Understanding of emerging technologies, including but not limited to, mobile and cloud technology (PaaS, SaaS.)

· Analytical/critical thinking and problem-solving skills.

· Basic understanding of information technology, network security, encryption, incident management.

· Ability to contribute to consistent improvement model of team workflow processes, templates, and tools.

· Knowledge of NIST Cybersecurity Framework and how NIST supports the management and reduction of cybersecurity risk.

· Ability to keep up with a complex, high volume and, fast-paced assessment environment.

· Understanding of vendor questionnaires and responses e.g., SIG, CAIQ.

· Knowledge of technology industry best practices and standards, e.g., NIST, PCI-DSS, ISO, CSA, etc.

· Ability to simply articulate technical concepts in written and verbal form.