Cybersecurity Risk Analyst II

Overview

The Cybersecurity Risk Analyst II will assist the Manager, Cybersecurity Risk with identifying, analyzing, reporting and recommending appropriate treatments of cybersecurity risks across the organization. Works with some supervision and direction from the Cybersecurity Risk Specialist and Manager, Cybersecurity Risk, and assists with guiding junior resources.

Responsibilities

What you will do

• Supports the Cybersecurity Risk Management function with operational aspects of cybersecurity risk management, assessments, technology evaluation and attestation.
• Execution of ad hoc and ongoing third-party security risk assessments for existing or new services and technologies. Monitoring and consulting on open risk items pertaining to third-party vendors.
• Coordinating as needed to support client due diligence inquiries and requests, tracking, reporting, and escalating to management as needed.
• Maintaining strong working relationships with individuals and groups involved in managing information risks across the organization, such as IT Leadership/Management, Enterprise Architecture, and IT Application Devlopment teams. Assisting with measurement of the impact of risk management activities on the IT organization.
• Assisting with maturity enhancement of the Technology Risk Management program, including buildout of new processes and tools. Making decisions and proposing actions as necessary to support the activities detailed above, including when to consult on requirements, when to provide additional services, and when to escalate to management.
• Splitting time as needed between Cybersecurity Risk Management activities.
• Performs other duties as assigned.
• Complies with all policies and standards.

Qualifications

• Bachelor's Degree With two to three years of work experience specifically in IT risk/security, IT audit or IT compliance. - Required
• Demonstrated experience in an IT audit, risk or compliance role, with a strong understanding of cybersecurity risk and control concepts. - Required
• Proven experience with cybersecurity risk and compliance frameworks such as NIST (preferred), ISO, COBIT, COSO, COBIT, etc. - Required
• Experience with GRC tools - Preferred
• Demonstrated understanding of cybersecurity risks that affect information systems design, modification and processing activities.
• Proven ability to identify and assess the severity and potential impact of risks.
• Demonstrated ability to communicate risk findings to risk owners in a respectful and collaborative manner, which promotes efficient and effective risk remediation balanced with business needs.
• Proven ability to manage time effectively and make decisions that support the goals of management.
• Demonstrated ability to build and manage key relationships to support the achievement of positional responsibilities.
• Proven ability to apply original and innovative thinking to produce new ideas and create innovative solutions.
• Demonstrated knowledge of risk-based IT and IT-integrated auditing techniques strongly preferred.
• Proven ability to document procedures and activities in a manner that is understandable to others and prepared using a prescribed format, demonstrating use of the English language to include exemplary knowledge, in verbal and written format, of the elements of grammar, punctuation, diction and spelling proficiency.
• Works in an office setting and may remain in a stationary position for long periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings.
• Continuously performs an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading. Visual acuity is required to determine accuracy, neatness and thoroughness of work assigned. Ability to continuously make repetitive motion of the wrists, hands and/or fingers.
• Occasionally moves about to accomplish tasks, particularly moving from one workstation to another.
• Strong proficiency in the use of Microsoft Office, particularly Word, Excel, PowerPoint.
• Certified in Risk and Information Systems Control (CRISC) Upon Hire - Preferred
• Certified Information Systems Auditor (CISA) Upon Hire - Preferred
• Certified Third Party Risk Professional (CTPRP) or Certified Third Party Risk Assessor (CTPRA) Upon Hire - Preferred
• GRC Professional (GRCP) and/or similar risk management / IT assurance certifications. Upon Hire - Preferred

Work Setting/Position Demands:

• Works in an office setting and remains in a stationary position for long periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings.
• Requires the ability to verbally communicate and exchange accurate information to customers and associates on a regular basis.
• Requires visual acuity to read and interpret a variety of correspondence, procedures, reports and forms via paper and electronic documents, visual inspection involving small defects; small parts, and/or operation of machinery (including inspection); using measurement devices continuously. Visual acuity is required to determine accuracy, neatness, and thoroughness of work assigned.
• Requires the ability to prepare written correspondence, reports and forms using prescribed formats and conforming to rules of punctuation, grammar, diction, and style on a regular basis.
• Requires the ability to apply principles of logical thinking to define problems, collect data, establish facts, and draw valid conclusions
• Performs substantial movement of wrists, hands, and fingers for continuous computer work.
• Extended hours required during peak workloads or special projects/events.

Travel Requirements:

• Occasional travel may be required by plane or car for training opportunities, but not as part of normal operations.