Senior Risk Analyst
- Provide information security consulting and formal risk assessments on third-party service contracts and/or sourcing arrangements (cloud, SaaS, IaaS, outsourcer, third-party software).
- Provide support in the areas of security management and security architecture standards. Work with the Information Security Manager to define security frameworks for existing and new systems, and review and refine the information security policy, standards and procedures annually.
- Develop, deploy and maintain an objective risk assessment methodology for threat, vulnerability, risk identification, prioritization and relative comparison of security and compliance risks.
- Execute formal risk assessments to quantitatively measure risk, and perform what-if scenarios for various mitigations in order to optimize the remediation and mitigation projects.
- Communicate risk to the business in non-technical terms for leaders to understand the risks they are taking.
- Support requests from the business to review Customer security requirements and assist the Legal Contracts and Customer Service groups in providing responses to questionnaires and contract T&Cs. Assist in research and evaluation of new security products and services. Assist in security planning and in the development and implementation of security policies across multiple platforms.
- BA or BS in Computer Science, Management Information Systems, or related technical field.
- At least 2 years of progressive experience in information security & risk assessment, including experience with Internet technologies and related security exposures. (This experience MUST include working knowledge of risk analysis, security policy development and security education.)
- Prior experience with quantitative risk analysis methodologies such as FAIR (Factor Analysis of InfoSec Risk), Monte Carlo, Bi-Factor, etc.
- Experience with RSAM Risk Management software
- Experience with RiskLens Risk Analysis SaaS