IT Risk and Compliance Analyst

18 May 2024

Vacancy expired!

IT Risk & Compliance Analyst

Responsibilities: The requirements listed below are representative of the knowledge, skill, and/or ability required.

3rd Party Risk Management -
  • Manages third-party risk assessments for IT-related processes and systems ensuring adherence to security requirements.
  • Assesses and interprets third-party documents and other pertinent source documents as necessary to support testing requirements and audit processes.
  • Monitors open third-party security issues and remediation actions associated with security control gaps to ensure timely closure.
  • Assists in developing policies, procedures and processes based on audit findings.

Client Security Audits -
  • Works across the Information Security team to ensure timely completion of client audit questionnaires.
  • Answers client audit requests with a high degree of accuracy.
  • Improves processes and procedures related to audit and client assurance.

IT Security Certifications and Accreditations -
  • Prepares for and completes certification audits such as ISO 27001, ISO 22301, SOC 2.
  • Assists with the development of action plans related to at-risk areas.
  • Identifies improvement opportunities and provides recommendations to mature existing IT processes and controls in alignment with best practices.

Requirements:
  • 2-3 years progressive experience ideally in a corporate setting in one or more of the following areas: IT Audit, IT Risk Management, Information Security, or IT Governance.
  • Experience with performing technical risk assessments, analyzing risk, and providing recommendations on risk mitigation strategies in cloud and on-premises environments.
  • The ideal candidate has experience as an Information Systems auditor and preferably acting as an auditor from a firm that does ISO or SOC certifications.
  • Background in planning, scoping and managing audits in an ISO 27001 environment.
  • Strong verbal and written communication skills in interacting with technical and non-technical individuals across the business and third parties.
  • A highly collaborative mindset with a strong desire to work closely with the business, development and technical operations teams.
  • Bachelor's degree from an accredited college/university.
  • Must possess and maintain one or more of the following industry recognized cybersecurity certifications: CISA, CISSP, CRISC, CISM or equivalent.

  • ID: #41102467
  • State: New York New York City 10019 New York City USA
  • City: New York City
  • Salary: Depends on Experience
  • Job type: Permanent
  • Showed: 2022-05-18
  • Deadline: 2022-07-16
  • Category: Et cetera