Senior Information Security and Risk Management Analyst
Qualified Senior Information Security and Risk Management Analyst candidates will have:
- 5+ years of information security and risk management experience
- Experience conducting risk assessments, maintaining Security Frameworks based on HITRUST aspects of multiple computer platforms, operating systems, products, network protocols and system architecture
- At least one of the following certifications: CISSP, CISA, CRISC, CISM
- Strong knowledge of information security and risk management
- Strong knowledge of current and evolving cyber threat landscape.
- EXPERT or near expert knowledge of Excel Modeling (Pivot Tables, VBScript, Formula Development)
- Knowledge of specialized telecommunication techniques such as Virtual Private Networks, encryption methodology and their associated technologies.
- Good understanding (balance between each of the following): Unix, Linux, Windows, etc. operating systems, well-known networking protocols and services (FTP, HTTP, SSH, SMB, LDAP, etc.), exploits, vulnerabilities, network attacks
- Experience investigating security incidents.
- Knowledge of industry standards including SSAE 16, ISO 27001, etc.
- MUST HAVE concise, succinct oral communication skills
The core responsibility of the selected Senior Information Security and Risk Management Analyst candidate (based in Brooklyn, New York, a short commute from NYC) will be to identify security requirements and collaborate on critical projects to ensure that security issues are addressed throughout the project life cycle of any given engagement. This requires the candidate to understand both IT and Information Security business units to identify, select and implement appropriate security and risk management controls and maintain current baselines for the secure configuration and operations of systems.
Additional responsibilities will include taking direction from the Director of Governance in the creation and/or maintenance of policies, standards, baselines, guidelines and procedures as well as conducting risk assessments.
The Senior Information Security and Risk Management Analyst is expected to be fully aware of the enterprise security goals as established by published policies, procedures, and guidelines and to actively work towards upholding those goals.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Works with various groups within the organization to identify information security requirements, using methods that may include risk and business impact assessments.
Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
Create and maintain Information Security policy exceptions process.
Contribute to the Security Awareness Training Program, focusing on the development and roll out of a Cyber Security curriculum.
Conduct application risk assessments and vendor risk assessments.
(You must understand how Web Applications work and how they are secured).
Develop and update policies and procedures for the general operation of the Information Security and Risk Management program.
Work with leaders to influence and promote a standardized strategic plan for enforcing security requirements and addressing identified risks in a way that preserves the C.I.A. for said agencies.
Play an advisory role in the Software Security Assurance Program by reviewing application scan results and objectively determining the level of risk posed by the application.
Acquisition & Deployment:
Keep abreast of information security and risk management industry practices, including new and/or revised regulatory publications; stay attuned to technology solutions that improve security processes and reduce the attack surface.
Provide continuous review and improvement of current processes where applicable.
Strategy & Planning:
Participate in the review and update of the enterprise security and risk management program.
Participate in the creation of enterprise information security and risk management documents (policies, standards, baselines, guidelines and procedures).
Maintenance of Security and Risk Management Framework based on HITRUST Standard.
May perform other functions as assigned.
This outstanding career opportunity is based in Brooklyn, New York, and offers a competitive starting base salary in the range of $110,000.00 - $130,000.00 per year plus bonus, based on experience, plus full benefits. Your asking compensation will be submitted after your approval. Candidates with solid skills and competitive compensation requirements will be reviewed first.
If you know someone who might qualify, (No 3rd party referrals or agencies for any WSI requirements. Please don't call to ask if there are any exceptions, there aren't), e-mail a Word or RTF resume with contact information, address and phones to Jay J., with the subject line of this message in the subject line of the message you send, (no URL resume links and please do not return a copy of this announcement with your response) at (see below), call.
When resumes are received, the candidate is contacted if there is a match, the situation is thoroughly described and the candidate tells us how they would like us to proceed. No information leaves our office without prior approval. This creates long term relationships, which we encourage.