Security Risk Analyst

Location: Raleigh, NC
Date Posted: 10-10-2018
Security Risk Analyst
Raleigh NC
Our client is looking for an Information Security Risk Analyst Contractor with 5-7 years of information security experience.
  • This position reports to the Associate Director, Team Lead, of Information Security Governance. The incumbent will conduct information security risk assessments to ensure the proper implementation of security controls across identified environments. This includes identifying gaps and compensating controls, developing remediation plans, and publishing reports of results.
  • The incumbent must have a working knowledge of security frameworks, preferably NIST CSF and NIST 800 series.
  • There are two contractor positions open; we are seeking to fill the positions based on the principal duties and responsibilities defined as follows:
    Principal Duties and Responsibilities
  • Implement Security & Awareness Messaging to align with a monthly pre-defined awareness theme, and quarterly phishing campaigns/reports
    Perform IS Vendor Risk Assessments
  • Write Policies and related supporting documentation, such as standards and procedures
  • Assign Data Risk Classifications for assets defined in EOS, Our clients system of record, and build and train end users on the self-service model
  • Assist with the development and implementation of controls in alignment with NIST standards
  • Develop the exception handling process
    Perform information security risk and control assessments and report on information security risks and recommend mitigation strategies; document and monitor information security remediation and control improvements
    Provide administrative support and development for the SharePoint Online site migration for the CISO organization
  • Serve as an information security liaison to Our client business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., information security best practices, policy and procedure development, employee education and awareness, security exceptions)
  • A Bachelors degree in Computer Security / Science or Information Security; or equivalent experience required
  • Certification credentials in fields associated with Information Technology, Information Technology Auditing, Information Security, or other related studies preferred
  • A minimum of 5-7 years experience in information security and/or risk management, especially in an information risk analysis, Enterprise Risk Management (ERM), and/or IT Audit role.
  • Experience with development and implementation of information security awareness and education programs.
  • Knowledge of quantitative and qualitative risk evaluation methods, including information security control frameworks such as NIST, ISO, and COBIT.
  • Proven experience with control monitoring principles and practices.
    Ability to understand and engage applicable industry-related regulatory requirements (e.g., FDA, FIPS, EU Annex 11, GDPR)
  • Ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside to make appropriate assessments and decisions.
  • Excellent analytical and problem-solving skills
    Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
  • Excellent verbal and written skills
  • Flexible and able to adapt quickly to changing technology
  • Open and able to apply original and innovative thinking to produce new ideas and create innovative approaches to information security oversight and compliance.
  • Strong knowledge of Microsoft Office product suite, and corporate business applications including Skype and SharePoint
  • Experience using an automated GRC tool (i.e. RSA Archer) is a plus
    Biotech and IT experience preferred

Key Business Solutions, Inc.
|| Office: 916 646 2080 Ext 223 || Fax: 916 646 2081
Note: This email is not intended to be a solicitation.  Please accept our apologies and reply in the subject heading with REMOVE to be removed from our Mailing list.
this job portal is powered by CATS