Security Risk Analyst
INTEGRIS Health
- Oklahoma City, Oklahoma, United States
About
The Security Risk Analyst will be responsible for identifying, analyzing, and influencing the management of information risks across the organization.
- Performs focused information risk assessments of existing or new services and technologies, along with business counterparts.
- Communicates risk assessment findings to team owners and custodians of information risk "business partners," or information governance teams and information security teams.
- Provides consultative advice to information governance or security teams that enables them to suggest informed risk management decisions.
- Identifies and facilitates implementation of appropriate controls to effectively manage information risks as needed.
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
- Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
- Tracks and maintains risk posture over time and is able to communicate risk strategy and mitigation over time.
A successful Security Risk Analyst candidate will have the expertise and skills described below.
- Bachelor's degree in computer science or a related field, or 3+ years of experience with a proven increasing level of responsibility and accountability.
- Minimum of 3 years of work experience in information security, with a focus on information risk analysis, risk management, and IT audit roles. Additionally, candidates should have extensive experience with regulatory compliance and information security management frameworks such as the National Institute of Standards and Technology (NIST) 800, International Organization for Standardization (ISO) 27000, and COBIT.
- Ability to identify and assess the severity and potential impact of risks, and to communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- An understanding of organizational mission, values, goals and consistent application of this knowledge.
- An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one's network within an organization.
- An ability to apply original and innovative thinking to produce new ideas.
- An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
- An ability to effectively influence others to modify their opinions, plans or behaviors.
- Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Strong problem-solving and troubleshooting skills.
- Certified in Risk and Information Systems Control (CRISC)
- GIAC Security Essentials Certification (GSEC)
- Certified Information Systems Auditor (CISA)
Language skills
- English
Notice to users
This job posting comes from a TieTalent partner platform. Click "Apply now" to submit your application directly on their site.