Senior Information Security Risk Analyst
Permanent, Direct-Hire Job Opportunity
Marlborough, MA (with flexibility to travel to Boston weekly)
Candidates must be local or able to relocate without assistance
BC Management, Inc – Job Posting #2863
Position: Senior Information Security Risk Analyst
Status: Full-time, Permanent Hire
Location: Marlborough, MA (with flexibility to travel to Boston weekly) – Candidates must be local or able to relocate without assistance
Salary: Based on experience – 5+ years of expertise.
* Candidates must have authorization in place to work in the USA.
* Offer will be contingent on passing a background check.
* Candidates should have 5+ years of dedicated information security risk assessment expertise.
Keys to this Position:
1. Seeking 5 plus years of experience with Information Security Risk assessments. The Information Security Risk assessments will affect both external vendors and internal projects, so experience in both areas is highly desired.
2. Our client is about to purchase a Governance Risk and Compliance tool, so experience with these tools (such as Archer and Agiliance) is desired. Archer would be the more desired tool.
3. Excellent communication skills are needed as this individual will interface with business users, outside vendors and IT teams.
4. The role is based in Marlborough, but there is weekly travel to Boston (1 to 2 days/week), so the candidate must be flexible to go to both locations.
Information Security is expanding the Risk Management team and is looking for a highly motivated Risk Analyst to be a key contributor to all aspects of the Risk Management program. This individual will have responsibilities in the areas of information security risk assessments (for internal projects as well as third party vendors), establishing and supporting control frameworks for use throughout the firm, working with the GRC toolset in support of established controls, as well as working with clients, auditors, vendors, and internal groups to assess, report on and present on risks.
Specific responsibilities include:
• Help identify appropriate control standard and assessment frameworks.
• Assist in implementation of Enterprise Governance, Risk and Compliance (eGRC) tool to support the Risk Management program.
• Coordinate business-level information security risk assessments for key information assets.
• Help to identify and track mitigation actions intended to reduce identified risks, as well as tracking and reporting on changes in key risk indicators.
• Work with the vendor management team to perform thorough technical and policy-based information security risk assessments of key third party vendors.
• Work with internal application, infrastructure, and architecture teams to assess the information security risk of existing technology, infrastructure and processes as well as proposed projects.
• Assist with Information Security Awareness programs delivered firmwide as well as tailored to specific groups.
• Assist with information security risk aspects of internal audits.
• 5+ years’ experience in the area of Information Security Risk Analysis.
• Proven experience using a Governance, Risk & Compliance (GRC) framework, and experience working with enterprise GRC platform tools to understand, evaluate, and quantify risk.
• Experience with Vendor Management Programs, performing risk assessments of third party service providers/vendors based on ISO27001 and SIG, review of SSAE16, etc.
• Experience and knowledge of control standards and evaluation frameworks such as ISO27001, NIST Cybersecurity Framework, etc.
• Experience performing technical risk assessments for internal projects, working closely with the architecture team.
• Significant breadth of technical experience and critical analysis skills sufficient to perform detailed risk analysis on a variety of technologies and use cases.
• Past experience working with auditors to prepare SSAE16 or similar reports.
• Experience responding to client RFPs, and meeting with clients to review information security posture.
• Excellent verbal and written communication skills and presentation skills.
The following statements are intended to describe the general nature and level of work being performed. This is not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel.
All qualified applicants will receive consideration for employment without regard to race, color, religious creed, ancestry, national origin, age, sex or handicap.
To apply to this position please visit http://www.bcmanagement.com/search-jobs.html and enter the job number 2863.
To learn more about the position, please contact Cheyene Marling - BC Management Inc. at firstname.lastname@example.org or +1 714-969-8006.