Security Systems Analyst

Deerfield, IL | Contract

Post Date: 06/07/2018 Job ID: 226551 Industry: ERT
Job Description:
Reporting to the Head of Information Risk Management (IRM), the Senior Information Risk Analyst will be a key member of the IRM team. This position will support and help enhance the vendor risk management and information risk management programs. The Senior Analyst will be responsible for performing information security and data privacy vendor assessments. In addition, the analyst will help identify, assess, report and monitor information technology risks.


Vendor Risk Management Program 

• Perform remote and onsite vendor risk assessments on new and existing vendors on an enterprise-wide basis 
• Drive all aspects of information security and data privacy vendor risk assessments, which include scheduling assessments, conducting assessments and escalating issues associated with vendors as needed
• Identify and document deficiencies and vulnerabilities with vendors’ information security and data privacy programs 
• Prepare detailed and summary vendor risk reports
• Partner with legal team for inclusion / negotiation of appropriate information security contract language within vendor agreements 
• Identify opportunities for improving the vendor risk management process, including developing program metrics and program awareness 
• Develop and cultivate partnership with functional areas within IT, legal, procurement and privacy 
• Mentor and help develop junior level team members 
• Other duties and special projects as assigned 

Information Technology Risk Management Program 

• Assist Head of Information Risk Management in defining IT risk strategy and framework 
• Help with selection and implementation of Governance, Risk and Compliance (GRC) tool and framework 
• Partner with IT functions to help identify, assess and manage IT risks through completion of risk assessment 
• Partner with risk owners to document risk response plans 
• Develop and maintain IT risk register 
• Follow-up with risk owners to track risk mitigation / remediation 
• Provide risk management subject matter expertise in projects 
• Identify opportunities for improving the IT risk management process, including developing program metrics and program awareness 

Qualifications 
• 5-7 years of experience in Technology Risk, Operational Risk, vendor risk, or related field
• 5-7 years of experience conducting vendor risk and / or technology risk assessments 
• 2-3 years of experience conducting onsite vendor assessments 
• Broad Operational Risk, risk management and/or consulting experience 
• Understanding of key industry control standards / frameworks such as ISO, NIST, PCI DSS, etc.
• Moderate-level knowledge and understanding of systems architecture, infrastructure, security and applications 
• Moderate-level knowledge and understanding of cloud computing 
• Experience in planning, organizing and conducting vendor and information risk assessments 
• CRISC / CISSP / CISA certification preferred
