PLACE Looking for IT Security Risk Analyst at Remote Full Time

The Senior Analyst Cyber Risk is responsible for engaging with security leaders and business stakeholders to shape the cyber risk management framework, facilitate adoption of security controls and standards, and provide situational awareness to stakeholders regarding cyber risk management efforts.

Key activities of the Senior Analyst will focus on the daily support of cyber security and cyber risk management frameworks, including the production of policies, controls and standards; actively assist business groups responsible for building, operating, and managing information assets to effectively incorporate appropriate information security safeguards; and deliver and report key metrics to provide stakeholders situational awareness regarding enterprise security control and standards adoption. The Senior Analyst must also have excellent collaboration skills and will need to frequently interact with IT, Information Security, and other Business Leaders to promote an inclusive and collaborative environment to realize beneficial security governance solutions.

Essential Functions for this role include:

• Work with security leaders and business stakeholders to shape the security governance framework, facilitate adoption of security controls and standards, and provide situational awareness to stakeholders regarding security risk management efforts.
• Produce policies, controls and standards that help communicate information security expectations and promote projects aimed at simplifying the process to meet minimum security requirements.
• Work independently with minimal supervision, interact tactfully and confidently with IT, Information Security, and other Business Leaders, and apply sound information security risk management practices.
• Actively assist business groups responsible for building, operating, and managing information assets to effectively incorporate appropriate information security safeguards.
• Effectively navigate diverse perspectives and promote an inclusive and collaborative environment to realize beneficial security governance solutions.
• Manage project tasks with urgency and purpose to allow for swift movement in developing governance related initiatives.
• Lead efforts to drive deeper adoption of security controls and safeguards while minimizing the operational burden to information resource teams.
• Deliver and report key metrics to provide stakeholders situational awareness regarding enterprise control and standards adoption.
• Decompose complex security concepts and communicate them in simple and concise terms.
• Consistently produce high quality documents that fully address the criteria for which they were intended, requires minimal modification, and are grammatically sound.
• Assist with internal and external audit requests and follow-up.

Desired Experience:

• Three or more years of experience in an information security analyst, engineer, or architect role; or in a cyber risk analyst role; or in an IT auditor role
• One or more years of application administration, advanced user experience, or familiarity with an enterprise GRC tool
• One or more years of application administration, advanced user experience, or familiarity with a vendor security monitoring and assessment tool
• CISSP/CISM required
• Produce policies, controls and standards that help communicate information security expectations and promote projects aimed at simplifying the process to meet minimum security requirements
• Work independently with minimal supervision, interact tactfully and confidently with IT, Information Security, and other Business Leaders, and apply sound information security risk management practices
• Assist business groups responsible for building, operating, and managing information assets to effectively incorporate appropriate information security safeguards
• Navigate diverse perspectives and promote an inclusive and collaborative environment to realize beneficial security governance solutions
• Manage project tasks with urgency and purpose to allow for swift movement in developing governance-related initiatives
• Participate in developing security governance framework materials (policies, controls, standards) to drive consistent security risk treatment across the enterprise
• General knowledge of information security standards and frameworks such as the Center for Internet Security (CIS) Top 20 and National Institute of Standards and Technology (NIST) 800-53 and Cybersecurity Framework (CSF)
• Lead efforts to drive deeper adoption of security controls and safeguards while minimizing the operational burden to information resource teams
• Deliver and report key metrics to provide stakeholders situational awareness regarding enterprise security control and standards adoption
• Decompose complex security concepts and communicate them in simple and concise terms
• Consistently produce high quality documents that fully address the criteria for which they were intended, requires minimal modification, and are grammatically sound
• As a contributor, takes ownership for assigned areas of responsibility and effectively manages workload to meet deadlines
• Challenging the status quo, and actively look for transformative ways to align security to support business needs
• Excellent verbal skills, written skills with the ability to communicate clearly, succinctly, and persuasively

This is a remote position.