InfoSec Risk Analyst

Exton, Pennsylvania, United States

Citadel Credit Union

Why Citadel? Because we’re different. Really. Many banks say it, but at Citadel, we live it every day in how we do business and how we make a difference. Learn more about what sets Citadel apart.


Job Overview

Risk Management strives to proactively identify information security threats and minimize the likelihood that any unauthorized party gains access to our confidential information and systems. This position is primarily responsible for leading our day-to-day InfoSec efforts, which include, but are not limited to: monitoring for data leakage events; conducting regular testing and inspection of our InfoSec practices; evaluating strengths and weaknesses within existing controls; conducting risk assessments; providing education regarding InfoSec issues to customers and employees; inspecting and evaluating vendor InfoSec controls to ensure third parties are properly safeguarding our confidential information; addressing audit findings; and collaborating with our Information Technology counterparts to ensure enhancements are implemented in a timely and effective manner.

Responsibilities

The individual(s) assigned to this function will be expected to:

  • Assist in the development, implementation, and monitoring of a comprehensive enterprise-wide information security program to ensure the integrity, confidentiality and availability of all information owned, controlled and/or processed by the organization.
  • Assist in developing and managing a risk-based process for vendor risk management, including assessment and treatment of risks that may result from partners, consultants, and other service providers. Assist with managing the organization's Vendor Management program, which may include conducting reviews of vendor due diligence materials, conducting vendor site inspections and evaluations, and assessing risks presented by third-party relationships.
  • Maintain security policies, standards, and guidelines to ensure each remains up to date. Ensure dissemination of security policies and practices is timely and comprehensive for internal/external customers.
  • Coordinate and/or support security testing, incidents, and events to protect corporate assets, including intellectual property, regulated data, and the company's reputation.
  • Enhance and facilitate information security awareness education programs for all employees, contractors, and approved system users.
  • Work directly with business units to facilitate risk assessment and risk management processes, and work with internal stakeholders on identifying acceptable levels of residual risk.
  • Provide InfoSec risk guidance for projects, including the evaluation and recommendation of technical controls.
  • Enhance our existing information security management framework, which is based on National Institute of Standards and Technology (NIST) guidance.
  • Ensure that security programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
  • Liaise among the information security team and the corporate compliance, audit, legal and HR management teams as required.
  • Assist with the organization's current data security monitoring activities and respond to control issues or end-user failures, where necessary.
  • Support other Risk Management oriented activities as required.

Qualifications and Education Requirements

  • Minimum of 3-5 years of experience in a combination of risk management, information security, and/or IT roles; experience within a financial institution environment is preferred.
  • Experience with Microsoft Office, Microsoft Visio (or similar workflow tool) is preferred.
  • High School Diploma or equivalent; College Degree preferred.
  • Experience with Governance, Risk, and Compliance (GRC) tools.
  • Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired, along with knowledge of information security management frameworks such as ISO 27001, ITIL, COBIT and NIST.

Additional Skills/Notes

  • Ability to maintain the highest levels of confidentiality and to work independently as well as part of a team.
  • Interpersonal Skills: A significant level of trust and diplomacy is required in addition to normal courtesy and tact. Work involves a fair amount of personal contact with others, especially business unit leaders.
  • Other Skills: Must have excellent communication, organizational and problem-solving skills. The individual should be highly motivated and energetic.


Tags: CISA CISM CISSP COBIT Compliance Governance ISO 27001 ITIL Monitoring NIST Risk assessment Risk management Vendor management

Perks/benefits: Career development Team events

Region: North America
Country: United States
