What are the responsibilities and job description for the Senior Cyber Security Risk Analyst position at GAF?
About GAF
GAF is a company that empowers its employees to make a positive impact on their teams, customers, and community.
We strive to be market leaders by providing opportunities for everyone to thrive and succeed.
Cybersecurity Risk Analyst Job Summary
The Cybersecurity Risk Analyst will work on various initiatives to improve the security posture and reduce risks within the organization.
Key Responsibilities:
- Lead the risk management process, identifying cybersecurity risks, assessing business impacts, and developing risk responses.
- Oversee the implementation and measurement of key security control measures, including periodic control assessments.
- Manage third-party risk, conducting vendor risk assessments and reporting risks.
- Redefine control and audit mechanisms to maintain compliance with standards and associated controls.
- Collaborate with stakeholders to identify information asset owners and classify data and systems.
- Perform risk and control assessments, review vendors, and develop approaches to remediate and mitigate identified risks.
Requirements:
- Bachelor's Degree in Computer Science, Information Systems, Cyber Security, or relevant technical degree.
- 5 years of experience in cybersecurity governance, risk assessment, cybersecurity architecture/engineering, vulnerability management, and education & awareness.
- Influence and negotiation skills to partner with stakeholders across the organization.
- Knowledge and understanding of information risk concepts and controls such as CIS Top 20.
- Ability to interact comfortably with personnel across multiple organizations and build strong relationships.
- Prior hands-on technical experience in networking, server/cloud infrastructure, identity management, and vulnerability management is desirable.
- Strong technical risk analysis skills and prior experience with UpGuard, AuditBoard, SAP GRC, and ServiceNow are desirable.
- An industry-recognized Information Security accreditation such as CRISC, CISSP, or CGEIT is preferred.
Benefits:
- A wide range of health insurance options, including medical, dental, and vision for you and your family.
- Family-Building benefits supporting different journeys to fertility and parenthood.
- A robust 401K plan with an employer match contribution.
- Other exciting programs and perks, including wellness programs, financial coaching, referral programs, and product rebates.
- Internal training programs and courses, as well as a generous tuition reimbursement program.
- Diversity and inclusion through Employee Resource Groups.
- Reasonable accommodations for applicants and employees with disabilities.