somebody who is local, meets the parameters below and as always, has
exceptional communication skills.
Must haves are: HIPAA, GLBA and PCI DSS regulations and frameworks such as NIST CSF.
Location: New Brunswick, NJ
Job Title: Information Security Risk Analyst (x2)
Location (on site vs remote): Hybrid (2-3 days on-site)
Duration: 6-12 Month CTH
Converting Salary: $110-$115k MAX
Interview Process: MS Teams -> Potentially On-Site
Background Check Required: YES
Key Responsibilities
Among the key duties of this position are the following:
- Provides risk remediation recommendations to mitigate identified control gaps and drives awareness of available supporting resources and technologies.
- Works closely with stakeholders across campus to ensure that risks are well documented and communicated.
- Maintains a formal risk register that drives security governance and ensures security finding is aligned with business objectives.
- Acts as an SME for end-to-end management of findings for information security assessments for vendors, applications.
- Assists in creating policies and procedures to help reduce risk.
- Performs other tasks as assigned.
Minimum Education And Experience
- Bachelor’s degree is required, preferably in Computer Science, Information Systems, Management Information.
- Minimum of five (5) years of experience performing Information Security assessments with knowledge of HIPAA, GLBA and PCI DSS regulations and frameworks such as NIST CSF.
Certifications/Licenses
Required Knowledge, Skills, And Abilities
- Possess excellent interpersonal, communication and influencing skills.
- Ability to collaborate effectively across a variety of disciplines and levels inside/outside the organization.
- Ability to effectively analyze, document and communicate information security concepts to different user bases, including students, faculty, staff and systems personnel.
- Demonstrates skill in conducting internal or external risk assessments and providing guidance on the implementation, monitoring, and reporting of control processes, documentation, and compliance measures and/or remediation items.
- Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
- Ability to identify and assess the severity and potential impact of risks and to communicate findings effectively to risk owners.
Preferred Qualifications
- Knowledge of common cybersecurity frameworks and standards (e.g., NIST 800-171, ISO 27001/27002).
- Experience with Governance, Risk & Compliance and/or Vendor Risk Management platforms.
- Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
- CISSP, CRISC certification.