Sr. Information Security Risk Analyst

Sr. Information Security Risk Analyst - Long-term project Please send resumes to Project Overview:

• The Senior Information Security Risk Analyst will take a leading role in independently managing identified security risks to the organization.
• They will operate the company risk management program, evaluate security risks and provide guidance on appropriate risk mitigation activities with minimal oversight.
• The Analyst will proactively build and maintain relationships with business and technical stakeholders, by acting as a trusted advisor for security risk inquiries and concerns.

• Identify, assess, and track remediation of potential information security risks to the company and its operations
• Collaborate with business and technical representatives to identify and evaluate mitigating factors and remediation plans for addressing security risks to the organization
• Design, implement and drive information security risk management processes using company tools and technologies
• Build and maintain internal relationships to ensure alignment and partnership with key stakeholders globally.
• Support development and maintenance of the company-wide information security risk register
• Prepare and present reporting to senior GICS leadership on security issues and developing security risks to the organization
• Act as a point of contact for information security risk and compliance inquiries
• Lead scheduled and ad-hoc information security risk assessments of company initiatives, products, and departments against corporate policies and security best practices
• Provide subject matter expertise on the design and implementation of technical security controls to address known risks and noncompliance

• Bachelor's degree or above required, ideally in Information Systems, Cyber Security, or a related discipline
• 5 or more years of experience in designing, implementing, and assessing information security and compliance programs required
• Ability to build and maintain relationships with a diverse range of stakeholders globally required
• Ability to clearly and concisely communicate technical security topics to non-technical audiences and senior executives required
• Ability to associate technical security issues to business objectives and operational impacts required
• Ability to evaluate design effectiveness of technical security controls required
• Familiarity with common Information Security frameworks and Regulatory standards such as NIST, ISO27001, SOX, SOC 2 reporting, PCI, HIPAA or FAIR required
• Familiarity with secure development principles for operating systems, databases, applications and network infrastructure required
• Familiarity with vendor security assessment techniques preferred
• Familiarity with vulnerability management techniques preferred
• Familiarity with secure cloud configuration principles for AWS, Azure or Google Cloud environments preferred
• Familiarity with common Privacy regulations such as GDPR and CCPA preferred
• Familiarity with implementing and utilizing GRC tools an advantage
• Familiarity with secure application development practices an advantage
• Familiarity with common encryption technologies an advantage
• Familiarity with firewall technologies such as Palo Alto an advantage
• Familiarity with production and broadcast environments an advantage
• Achievement of one or more industry-relevant security certifications such as CISSP, CISM or CRISC an advantage