Information Security Risk Analyst
Location: All Locations
The Risk Analyst will evaluate and document risks within the IT and telecommunications network environments, analyze the effectiveness of IT controls, and provide reporting and metrics to key stakeholders, CIO / vCISO / BoD.
Work with the CIO and vCISO to lead risk assessments of security, operational controls and processes, and systems based on the NY DFS Cybersecurity Regulation (23 NYCRR 500) Cybersecurity Framework, the Gramm–Leach–Bliley Act and the SHIELD Act.
Job Responsibilities and Duties:
- Performing ongoing BIA, ITRA, Gap Analysis, Pen Testing, Vulnerability Assessments, Incident Response Planning and ongoing development of IT policies and procedures.
- Experience in extracting data from a variety of servers, data types, and data structures and automating tasks.
- Executing data analytics procedures for continuous monitoring of risk and performing risk assessments.
- Provide mitigation plans to address deficiencies derived from risk assessments.
- Perform technical risk assessments for key projects, new functionality, and products.
- Perform Vendor Cybersecurity Risk assessments in support of Vendor Management Program.
- Identify opportunities to improve the efficiency of IT and operational processes within the functional areas being assessed.
- Stay abreast of developments in the Information Technology industry specifically as they relate to Risk Management.
- Maintain proper documentation for Premium Mortgages’ Standards, Policies and Procedures as they relate to IT.
- Day to day management of key card control system and security camera oversight.
Education / Experience:
- BS in Information Security, Risk Management or 4 years of experience in the Information Technology field, with at least 2 years working in Information Security, Risk Management, IT Audit or Compliance.
- Knowledge of threat modeling or other risk identification techniques, system security vulnerabilities and remediation techniques, data loss prevention and insider risk detection.
- Experience with Cybersecurity control frameworks such as 23 NYCRR 500, GLBA, FFIEC.
- Experience with Office 365 Security and Compliance, DLP policies, Sensitivity and Retention Labeling.
- Experience with Third-Party Risk Management.
- Ability to deal with changing priorities and multitask across several projects.
- Strong project management and time management skills.
- Ability to translate and communicate technical risk into business risk.
- Experience in implementing security management solutions and creating detailed documentation.
- Excellent presentation and communication skills.
- Excellent technical and business writing skills.