Information Security Analyst Risk Management

08 Aug 2024

Vacancy expired!

NO SPONSORSHIP

Principal Information Security Analyst Risk Management

Looking for a candidate with GRC & 3rd party risk experience. 8+ years IT Risk Management, Cyber Security and Governance Risk; NIST 800-53; ISO 27001, 27002; Cloud Security (AWS, Azure, Salesforce, etc.).

The Principal Information Security Risk Analyst is responsible for assessing IT risk, both internally and at third parties, to help secure data and information. The person in this position will need to have extensive knowledge of information security risk and third-party risk management, as well as the various technologies within the organization. This position works closely with all IT areas including Infrastructure, Application Development, Database, Network, Security Operations, and IT Compliance.

Responsibilities
  • Act as an Information Security Risk Management subject matter expert
  • Assist the Information Security Risk Manager in the development and maintenance of the risk hierarchy, risk taxonomy, and risk register.
  • Conduct regular risk assessments, document issues, determine risk levels and coordinate with the appropriate subject matter experts to monitor the remediation of deficiencies
  • Monitor the established risks in the IT organization and report on the effectiveness of related mitigating controls
  • Work closely with the Information Security Governance and Compliance team and security leadership to ensure cybersecurity policies and practices are designed to help mitigate risk
  • Work closely with the Security Architecture team and participate in architecture reviews and project meetings to identify risk impact to the organization
  • Participate heavily in the implementation of the ServiceNow Risk Management solution and its regular care and feeding
  • Third Party Risk Management
  • Responsible for the engagement of all third-party relationships to ensure that adequate controls are in place to protect SGWS data and information
  • Assist the Information Security Risk Manager in the development, growth, and maturity of the risk-based third-party assessment and continuous monitoring program within ServiceNow
  • Conduct annual vendor risk management reviews of existing third parties based on established risk ratings
  • Review new third-party engagements, track issues to resolution, provide feedback on required security controls, and ensure contracts contain required content
  • Review SOC 2 Type 2 reports, vulnerability assessments, penetration test results and additional documentation as required

Minimum Qualifications
  • Eight or more years of professional Information Technology/Security experience that includes Third-Party Risk Management, IT Risk Management, cybersecurity, and governance, risk, and compliance (GRC).
  • Bachelor’s degree in computer science, information security, information assurance, or related field; or equivalent professional work experience
  • Extensive knowledge of IT Risk Management processes and best practices
  • Extensive knowledge of Third-Party Risk Management processes and best practices
  • Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and a security-first culture
  • Proven project management, multitasking and organizational skills
  • Experience working with a variety of industry standards, including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, or CIS Benchmark
  • Knowledge of IT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)

  • ID: #44700479
  • State: Texas Dallas / Fort Worth 75201 Dallas / Fort Worth USA
  • City: Dallas / Fort Worth
  • Salary: $120,000 - $130,000
  • Job type: Permanent
  • Showed: 2022-08-08
  • Deadline: 2022-09-17
  • Category: Et cetera