Senior Analyst, Information Security (Risk Management)

Overview

Overview:

• The candidate is expected to work in the risk management and information security domains and support audit both internal and external
• The candidate is expected to have a working knowledge of business continuity and disaster recovery
• The candidate is expected to effectively conduct vendor risk assessments, vendor audits, and review vendor requirements globally and be the point of contact for all such initiatives
• The candidate should have good communication and presentation skills, can work well independently and with other teams, and be available for travel on an as needed basis
• The candidate can support the continued use of automation wherever possible to improve efficiency and accuracy of the risk management program
• Ability and desire to work in a fast paced, test-drive, agile, collaborative and iterative programming environment
• Ability to think clearly and articulate your vision with the appropriate technical depth

Responsibilities

• Risk Management
  • Assist with the review and improvement of the risk register
  • Assist with the development and tracking risk treatment plans
• Vendor Risk Management
  • Perform vendor risk and security profile assessments, evaluate vendor responses including the potential for creating action items and maintain records
• Business Continuity (DR) and Disaster Recovery (DR)
  • Help oversee the business continuity and disaster recovery program starting with policy and plan development and maintenance through the exercise processes and action item remediation
  • Assist with the annual BC/DR business impact analysis and risk assessments
• Change Management
  • Assist with the review of weekly change management activities including the weekly change advisory board meeting
• Incident Response
  • Assist with incident response program from management of the incident to remediation, reporting and tracking
• Audit
  • Assist in coordination and remediation of all audits including internal, client, and certification audits
• Coordinate and track remediation efforts across multiple teams resulting from any of the programs overseen by the Risk Management vertical
• Build and maintain policies and procedures regarding all aspects of responsibilities

Qualifications

Requirements/Qualifications:

• Bachelor’s degree
• Knowledge of risk management, vendor risk management, business continuity, disaster recovery, change management and incident response
• Knowledge of Data Privacy and Cyber Security Frameworks such as GDPR, HIPAA, CCPA, NIST, ISO 27001, etc.
• Experience handling projects and involvement with audits