Job Title: Information Security Risk Analyst
Position Summary:
The Information Security Risk Analyst is responsible for conducting application risk assessments, third-party risk assessments, and control/compliance evaluations. This individual will collaborate with various IT teams to provide security expertise and ensure proper risk management processes are documented and improved. The role also involves identifying, remediating, and communicating application-level risks across the organization.
Scope of Position:
This candidate will perform risk assessments on both internally and externally hosted applications. They will evaluate security risks, identify potential vulnerabilities, and work to remediate and communicate risks within the organization.
Duties and Responsibilities:
Support & Maintenance (75%)
Support:
- Conduct routine risk assessments and security control evaluations under general direction.
Maintenance:
- Assess application risks across the organization under general supervision.
- Perform third-party risk assessments with guidance.
- Assist with data classification and data governance standards.
- Conduct routine assessments of information security controls and business practices.
- Execute technical analysis functions to ensure compliance with IS security requirements.
- Audit computer access to validate the existence of appropriate controls and ensure compliance with IT security standards.
- Assist in maintaining Identity & Access Management, including legal and regulatory compliance requirements.
- Support Security and Privacy Officers in investigations.
Projects (15%)
- Provide project consultations for the development, implementation, and administration of infrastructure security devices and tools, such as access controls, firewalls, IPS, and authentication devices.
- Evaluate acquisition requests for security compatibility.
- Assist in developing and implementing technical security standards.
- Coordinate with IT staff to enforce information security policies, standards, and procedures.
- Provide security specifications for vendor products.
- Support IT security areas, including security documentation management, program governance, risk management framework and strategy, information security awareness and training, and IT security certification and accreditation coordination.
- Assist in contingency plan development and evaluation.
- Participate in specialized information security projects.
- Document and complete assigned tasks.
Other Responsibilities (10%)
- Manage and respond to work-related emails appropriately.
- Attend and contribute to team meetings and group discussions.
- Provide status reports and track time on a weekly basis.
- Participate in departmental committees and administrative duties.
- Stay informed on new technological advances in information security and recommend relevant acquisitions.
- Engage in professional development activities.
- Perform additional duties as assigned.
- Maintain required certifications as a condition of employment.
Qualifications:
For Hire:
- Bachelor’s degree in cybersecurity or a related field, or at least 2 years of experience as a systems analyst.
- Demonstrated knowledge of information security best practices.
- Understanding of the risk assessment lifecycle and risk management principles.
- Strong verbal and written communication skills.
Ongoing:
- Continuously enhance knowledge of information security analysis methodologies and techniques.
- Stay updated on industry developments related to security standards, system interfaces, communication protocols, and computing platforms.