Client is seeking a Risk Analyst III. Reporting to the Director of Enterprise Information Security, the individual contributor is accountable for supporting the development and implementation of an Enterprise Risk Management program and related processes. Will work collaboratively with the corporate business groups to ensure a consistent and integrated approach is applied to Risk Management that aligns to the overall business mandate. As a representative of Enterprise Information Security (EIS) the position supports the appropriate design, implementation, and/or execution of the Risk Management function. This position requires a tenacious individual with strong communication, problem-solving, relationship and consensus-building skills and a high degree of personal initiative and attention to detail.
Develop and maintain IT Risk Dashboard that provides current IT Risk posture
Gain knowledge of existing IT Risk scenarios, when and how to apply them. Enhance/develop new scenarios as appropriate.
Partner with business units to ensure security controls are implemented as part of new projects and business as usual enhancements.
Document assessment results in IT Risk register, drive risk management processes such as acceptance, mitigation, avoidance, track action plans and ensure processes are being followed
Review new regulatory guidelines from ISO, PCI, NIST etc. and compare against existing controls, policies and processes. Identify gaps, propose new controls to close gaps and drive creation and adoption of the controls.
Regularly assess the adequacy and effectiveness of IT controls, security policies, and remediation activities to ensure alignment with organizational risk tolerance, and compliance with laws, regulations, industry mandates, and contractual obligations. Initiate actions to ensure that compliance, security and risk gaps are successfully remediated or mitigated with compensating controls.
Maintain mechanisms to determine, measure and report to management an accurate view of IT risk, including, but not limited to, repeatable risk identification and evaluation processes, scorecards, surveys, heat maps, and the risk register. Provide information risk management consulting to business units.
Coordinate and ensure the appropriateness of responses to technology audits and audit-related activities.
Participate in process improvement initiatives.
Overall business experience
Information Technology experience with focus on IT Security/Risk
College degree in related technical / business areas
CISSP or CISM Preferred
Prior experience working with diverse, cross-functional, cross-departmental projects and technologies
Well-rounded understanding of technology, operations and key business processes
Information Technology experience with focus on IT Security/Risk: 7 years
Strong interpersonal skills
Excellent written and verbal communication skills
Intermediate to advanced proficiencies with MS Excel, MS Word, and MS PowerPoint.
Demonstrates a high degree of ethics; instills trust and credibility
Effectively identifies, collaborates and maintains relationships with relevant stakeholders
Portrays strong facilitation, negotiation, and conflict resolution skills
Demonstrates superior analytical, writing and presentation skills
Translates requirements and risk concepts into relevant and understandable terms.
Manages individual workload to deliver with excellence on simultaneous projects and priorities each with tight schedules
Experience with GRC tools. Archer experience is a plus
Familiar with risk and control frameworks, and process improvement models (e.g. PCI DSS, NIST RMF, HIPAA, ISO 27002, ITIL)
Experienced in policy development & management
Possesses knowledge of security technologies