IT - INFOSEC RISK ANALYST

Location: Sacramento, CA
Salary: $40.00 USD Hourly - $48.00 USD Hourly
Description: Our client is currently seeking a IT - INFOSEC RISK ANALYST

Job Title: IT - InfoSec Risk Analyst
Reports To: Manager - IT - Governance, Risk, and Compliance
Department: IT - Governance, Risk, and Compliance
Pay Rate: $40.00-$48.00

Work Hours: 8:00 AM - 5:00 PM, Monday to Friday (Hybrid)

Position Overview:

The IT - InfoSec Risk Analyst is responsible for supporting the company's security direction and enhancing its security posture. The role entails analyzing, implementing, and maintaining security policies while ensuring compliance with key frameworks. This position requires expertise in IT security, vendor risk assessments, and third-party risk management. The analyst will work closely with the IT team and security leadership to assess, validate, and improve the security program, ensuring the business's resilience to external threats.

Key Responsibilities:

1. Risk Analysis & Assessment:
• Conduct enterprise-wide risk analysis in collaboration with compliance and security teams.
• Evaluate the effectiveness of security programs across various business units.
• Document and recommend security improvements that balance risk with business needs.
• Maintain oversight of third-party vendors and business partners, escalating risks to GRC management when necessary.
2. Security & Compliance Monitoring:
• Monitor security changes related to regulatory, privacy, and industry standards.
• Collaborate with security and audit teams to assess and manage the security program.
• Ensure that internal and external audits are managed effectively, resolving non-compliance issues promptly.
• Provide ongoing security program assessments and contribute to the creation of strategic technology and budgetary directives.
3. Incident Response & Disaster Recovery:
• Participate in incident response tracking, ensuring strict documentation and resolution.
• Act as a liaison for disaster recovery and business continuity in compliance with security frameworks.
4. Vendor Risk Management:
• Conduct IT vendor risk assessments, due diligence, and risk reviews to mitigate external threats.
• Maintain a strong focus on third-party security and manage vendor relationships to ensure compliance with company security policies.
5. Documentation & Reporting:
• Ensure up-to-date security configuration documentation for systems and processes.
• Develop and report qualitative and quantitative metrics to measure the success of the GRC program.

Qualifications:

• Experience:
• 5 years of cybersecurity experience, with at least 2-3 years of exposure to security frameworks and risk management.
• Extensive experience with regulatory requirements such as PCI, SOX, HIPAA, GDPR, and others.
• Strong understanding of risk management, cybersecurity controls, and incident response.
• Education:
• Bachelor's degree in Business Administration, Management Information Systems, Computer Science, or a related field. Advanced degrees preferred.
• Certifications:
• Certifications such as CISSP, CRISC, CISA, CIPP, CISM are highly regarded.
• Skills:
• Strong written and verbal communication skills.
• Ability to build trust and strong relationships with senior management.
• Analytical and problem-solving skills to assess complex security strategies.
• Knowledge of security tools, incident management, and regulatory compliance frameworks (e.g., ISO 27001, NIST).

Contact:

This job and many more are available through The Judge Group. Please apply with us today!

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.