Senior Information Security Risk Analyst

Company: OneinaMil
Job type: Full-time

We are looking for a Senior Information Security Risk Analyst to identify, investigate, analyze, and recommend information security guidance to ensure organizational assets and processes maintain confidentiality, integrity, and availability. The Information Security Risk Analyst will also assess processes and systems against applicable regulations, industry standards, and internal policies, directives, and standards.
What You'll Do:
* You will perform comprehensive information security risk assessments and ensure alignment of residual risk and risk thresholds.
* You will foster a culture of collaboration and responsible risk management through the definition of, and adherence to, appropriate risk thresholds, control frameworks, policies, and directives.
* You will serve as Information Security subject matter expert for business line projects and participate in the development, implementation, and maintenance of information security standards.
* You will evaluate technology and business projects and requirements, and recommend security controls.
* You will communicate information security risk issues and control gaps through security governance processes.
* You will identify and evaluate complex technology risks, the internal controls that mitigate those risks, and related opportunities for internal control improvement.
* You will perform contract risk assessments and compliance monitoring to ensure adherence to applicable industry and corporate regulations and standards.
* You will analyze data to produce appropriate metrics.
* You will contribute knowledge and recommendations for risk-based assessments on emerging technologies, vulnerabilities, threats, and associated risks.
Outstanding benefits, a competitive salary, and bonus potential!
Requirements
* You have a bachelor's degree in Information Assurance, Information Systems, Risk Management, Auditing, Computer Science or another related field with eight (8) years relevant experience, or an equivalent combination of education, training, and work experience.
* You have at least three (3) years of information security risk management/assessment experience.
* You possess a CISSP, CISM, CISA, CRISC, or equivalent industry-recognized certification (preferred).
* You have experience in application development and/or application security with solid knowledge of SDLC.
* You have expertise in application security, vulnerability testing, and development of risk thresholds.
* You have significant experience evaluating/implementing cybersecurity controls.
* You have a strong knowledge of industry risk analysis approaches (ISO, COBIT, COSO) as well as all industry regulations and standards (SOX, GLBA, FFIEC, OCC, HIPAA, PCI DSS, NIST, OWASP).
* You have excellent communication and presentation skills.
* You have authorization to work for any employer in the U.S. without current or future sponsorship.
While remote work may be authorized temporarily due to the pandemic, onsite work is strongly preferred in the future.
Benefits
Amazing benefits and competitive salary!!