What are the responsibilities and job description for the Information Security Risk & Compliance Analyst position at MidFirst Bank - Default?
The security risk and compliance analyst is a member of the information security team and works closely with the other members of the team, the business, and other IT staff to develop and manage security for one or more IT functional areas (e.g., data, systems, network, and physical) across the enterprise.
The candidate will be able to effectively understand standard risk methodologies and the implementation of security controls in an enterprise environment.
- Work as part of a team to maintain security and integrity of corporate data and IT systems through activities including:
- Develop and maintain enterprise security policies and procedures
- Assist in the coordination and completion of information security risk assessments and documentation
- Work with information security management to develop strategies and plans to enforce security requirements and address identified risks
- Report to management concerning residual risk, vulnerabilities, and other security exposures including misuse of information assets and noncompliance
- Work with IT department and members of the information security team to identify, select and implement technical controls
- Provide direct support to the business and IT staff for security related
- Maintain an awareness of security and control issues in emerging technologies
- Perform other duties as assigned
Educational Background:
- Bachelor’s degree in Computer Science, Information Systems, or other equivalent degree or experience
- Preferred Certifications (CISSP, CISA, CRISC, CRM, GSEC, etc.)
Position Requirements
- Strong analytical and problem-solving skills to enable effective security incident and problem resolution
- Microsoft Excel, Word, and Visio skill set for the creation, tracking and reporting of security metrics (e.g., graphs, formatting, basic formulas)
- Proven ability to work under stress with the flexibility to handle multiple high-pressure tasks simultaneously
- Ability to work well under minimal supervision
- Strong team-oriented skills with the ability to interface effectively with a broad range of people and roles, including vendors and enterprise personnel
- Strong written and verbal communication skills
- Strong customer/client focus with the ability to manage expectations appropriately
- General understanding of risk management
- Knowledge of security methodology frameworks and regulatory requirements such as NIST, CIS, HIPAA, PCI, and FFIEC
Preferred Qualifications
- Understanding of enterprise risk management systems and automation platforms