Information Security Risk Analyst


The Information Security Governance and Risk Analyst is in charge of the Information Security Management System (ISMS), providing leadership and strategic direction to mitigate the organization's information security risks through the ISMS and its related controls framework.



  • This position is specifically responsible for supporting the maintenance of the ISMS, as well as the verification and review of information security controls and documentation, and for management reporting on the effectiveness of controls via executive metrics, reports and dashboards
  • Performs information security risk assessments and assesses the control environment of the business processes and applications under review, including both manual and automated processes, in accordance with the information security program
  • Assists both internal and external audits relating to information security, and performs independent audits to validate the completeness and accuracy of the information security program
  • Develops remediation and corrective action plans with the related governance and operational functions within the organization, and works with the various teams to present corrective action plans in coordination with the Security Team
  • Owns and revises information security policies, standards, procedures and guidelines, in conjunction with the Information Security Team
  • Oversees compliance monitoring and improvement activities to ensure compliance across teams with internal security policies, processes and procedures, and with regulatory and contractual requirements
  • Maintains an accurate system, classification schedule and control inventory, including identification of supporting roles and assets
  • Supports information security awareness, training, educational material and records
  • Supports the organization's BCP plans, assists in BCP exercises and tracks the records identifying corrective action requirements
  • Performs internal policy audits as required and as defined in the security policy to validate compliance for the organization



  • At least 7 years of full-time work experience in IT, information security and/or related technology functions
  • ISMS management experience
  • GRC risk management and/or process control
  • Experience performing risk management and analysis activities
  • Understanding of the ISO 27001:2013 framework
  • Strong understanding of technology processes, risks and issues, including infrastructure and information security
  • Strong analytical skills
  • Solid communication skills
  • Attention to detail
  • Change management process and procedure
  • Ability to coordinate with outside teams regarding policies, procedures or standards, and controls
  • Bachelor's Degree, BS in Information Technology or a related field preferred