Cybersecurity Risk Analyst (close)

Experience level: Mid-senior
Experience required: 7 Years
Education level: Bachelor’s degree
Job function: Information Technology
Industry: Financial Services
Pay rate: $65 per hour — Competitive pay rate based on experience
Total position: 1
Relocation assistance: No
Visa sponsorship eligibility: Yes / No

Job Locations: Dallas, TX or Tampa, FL or Jersey City, NJ, USA

Note: Candidates with previous Financial Services Industry background will be given preference over others.

Position Summary:

The Information Risk Analyst/Consultant is responsible for creating risk assessment questionnaires, performing risk assessments of applications (on-premises and cloud), infrastructure (on-premises and cloud), as well as vendor assessments against a defined risk framework. These assessments will be conducted through a formalized risk assessment program. The Information Risk Analyst will have the ability to identify risks that are associated with how business and technology workforce utilize information technology and in supporting technological systems.

Principal Responsibilities:

• Research technology security issues, cybersecurity best practices, and create risk assessments questionnaires that can be used to assess applications and infrastructure.

• Schedule and perform information risk assessments using client methodology; identify, document and communicate control deficiencies in business processes and technology systems.

• Partner with the Enterprise IT to agree on cybersecurity risk findings identified through the risk assessment (e.g., Databases, Operating Systems, Networking Devices, Storage Systems, Cloud Systems, etc.), new initiatives, and ad hoc processes.

• Provide risk remediation recommendations that the business and technology may implement to mitigate identified control gaps.

• Partner with business and IT to ensure that risks are clearly articulated in a manner that is understood by business and technology audiences.

• Evaluate management responses to ensure that remediation plans and tasks adequately address identified control gaps.

• Create assessment reports and dashboards that will be communicated with various IT owners.

• Document risk issues in the client designated risk register.

• Assist the business and technology groups through the client process for policy exceptions and risk acceptance.

• Participate in and influence information risk assessment process improvement.

Experience:

• 5+ years of risk assessment experience in one or more areas: application, infrastructure, vendor risk management

• Financial Services Industry experience a plus but not required.

• Proficiency with Information Risk Management best practices

• Proficiency with information technology in general and cybersecurity technical issues

Knowledge and Skills Required:

• Proven technical knowledge of infrastructure, networks, databases and systems and how they affect an organization’s cybersecurity risk.

• Proven knowledge of security methodologies, policies, standards and best practices.

• Proven knowledge of information technology systems, infrastructure and operations.

• Ability to explain and articulate technical concepts using both technical and non-technical terms.

• Critical thinking and analytical skills.

• Excellent presentation skills (MS PowerPoint)

• Ability to manipulate data in a spreadsheet (MS Excel)

• Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives.

• Strong oral and written communication skills.

• Excellent organizational skills, coupled with ability to be versatile and flexible.

• Sound business judgment and the ability to work successfully with all levels of management.

• Excellent grammar and style skills; ability to adapt writing style for different audiences and media.

Education, Training and Certification:

• Bachelor’s degree preferred.

• CISSP / CISM / CRISC / CCSP certification preferred

Job Insights – Must Have:

• 5+ years of risk assessment experience in one or more areas: application, infrastructure, vendor risk management

• Financial Services Industry experience a plus but not required

• Proficiency with Information Risk Management best practices

• Proficiency with information technology in general and cybersecurity technical issues

• Proven technical knowledge of infrastructure, networks, databases and systems

• Proven knowledge of security methodologies, policies, standards and best practices

• Proven knowledge of IT systems, infrastructure and operations

• Ability to articulate technical concepts to various audiences

• Excellent MS PowerPoint and Excel skills

• Collaborative, clear communicator with strong judgment

• Bachelor’s degree preferred

• CISSP / CISM / CRISC / CCSP certification preferred

Screening Questions:

1. List the certifications the candidate possesses (CISSP/CISM/CRISC certification).

2. Describe the candidate’s experience in performing risk assessments of applications (on-premises and cloud), infrastructure (on-premises and cloud), as well as vendor assessments against a defined risk framework.

3. What is the candidate’s full legal name?

4. What is the candidate’s Month and Day of DOB (required for submission to client as a unique identifier)?

5. What is the candidate’s desired hourly pay rate?

6. Please provide the link to the candidate’s LinkedIn profile:

7. Where is the candidate located? If the candidate is not near the job location, please explain the relocation plan in detail (e.g., timeline, relocating with family, selling/buying property).

8. Is the candidate legally authorized to work in the US for any employer?

9. Will the candidate now or in the future require immigration sponsorship for work authorization (e.g., H-1B status)?