The Senior Information Security Analyst will report to the Senior Director and will be responsible for reviewing various IT activities relating to processes, controls, systems, data, policies, etc. The responsibility includes enhancing the company’s IT risk posture by providing advice and guidance to IT, non-IT personnel, and management worldwide.
Specific responsibilities include:
- Performs risk assessments as assigned utilizing IT security tools and methodologies i.e. CASB, Netskope. Summarizes risk for key applications particularly those that are cloud-based used by IT or other business units. Makes recommendations for corrective action and documents management decisions regarding acceptance or mitigation of risk scenarios.
- Consults, advises, and participates in the design of various IT processes and controls to support compliance with policies, standards, regulatory requirements, etc.
- Identifies and evaluates business and technology/security risks, internal controls that mitigate risks, and related opportunities for internal control improvement.
- Facilitates and monitors performance and compliance of risk remediation tasks.
- Generates innovative ideas and challenges the status quo when designing controls and processes.
- Collaborates with Information Security teams in the development of security assessment tools, policies, procedures, etc.
- Liaises with business units and vendors regarding the security maintenance of their systems and applications.
- Desire to learn and enhance security related metrics and reporting, particularly operational and risk data points.
- 7 years or more experience in IT risk assessment, compliance, audit, security practices/solutions/methods, etc., e.g. SOX, PCI, Privacy, etc. (Big 4 experience preferred).
- Understanding of business processes, internal controls, risk management, IT controls and related standards.
- Thorough knowledge and understanding of current information risk assessment techniques required.
- Knowledge of IT risk framework such as those from COBIT, NIST, ISO, ITIL, etc.
- Strong analytical and organizational skills with demonstrated ability to plan and manage projects along with ensuring deliverables meet work plan specifications and deadlines.
- Should be a self-starter and lead the risk analysis in assigned areas with minimum supervision.
- Strong technical and/or management background in technical systems/environments.
- Strong written and verbal communication skills.
- Practical knowledge and experience with data analytics tools including Excel spreadsheets, MS Access/SQL, Tableau, etc. Advanced Excel skills preferred.
- Ability to utilize query language(s) and structures to obtain and capture specific data for evaluation and analysis.
- Skilled in creating and generating reports that can provide meaningful context to drive informed decisions.
- Ability to readily collaborate and engage with others, both within and outside of IT to validate data/information, based on defined objectives.
- Experience with creating purposeful presentations that highlight critical and actionable data points.
- BA/BS degree in Computer Science, MIS or equivalent industry experience.
- CRISC/CISSP/CISM preferred.