Our client, a global financial firm is seeking a Vendor Information SecurityRisk Analyst to join their team in Jersey City, NJ.
- Coordinate with stakeholders to initiate, scope and plan controls assessments vendor engagements
- Assess completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls
- Produce detailed documentation of assessments and perform threat analysis of gaps identified
- Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks Validate evidence from vendors, before Remediation Plans are closed.
- Demonstrate in-depth knowledge of concepts, best practices and controls including: risk management, access control, cryptography, physical security, securityarchitecture and design, networksecurity, application and operations security and compliance/incident management --must have experience with Cloud Service providers
- Strong technical and IT audit background
- Working knowledge of a wide variety of technologies which include server infrastructure and operating systems, network and web infrastructures, databasearchitecture and intrusion detection/prevention systems
- Working knowledge within the following risk domains/technologies: Database and application security, IDS/IPS technologies, System/Access Administration, Firewall technologies, NetworkArchitecture, SecurityEvent Logging and Monitoring, Key Management/Tokenization, Database/Application/Network Layer Secure Protocols, Physical and Environmental Security, Secure Software/Code Development, Change Management, Vulnerability Management.
- Knowledge of AUP
- IT Risk Management/Audit industry certification
- Time Keeping System
- CWMS Fieldglass