Position: IT Security Risk Analyst
Length: 1-2-Year Contract
Rate: 45-55/hr on W2 – Rate is dependent on candidate's experience
Location: Remote – 1 onsite requirement a quarter
**A lot of these responsibilities can be taught but the hiring manager needs someone with experience in IT Security and IT Risk Assessments.**
Cyber Security Analyst
Responsible for conducting Cyber Security risk assessments for third-party service providers. This person will be more focused on writing reports for high-level executives. The hiring manager is looking for someone who has strong written and verbal communication skills to speak to third-party vendors and leadership when needed.
MUST HAVES:
1. IT Risk Assessments
2. IT Background
NICE TO HAVES:
1. GRC tool
2. IT Controls, SOC 1 or 2 report, auditing
3. Fast-paced environment
Principal Responsibilities:
· Perform cybersecurity risk assessments of Suppliers and Third-Parties (vendors) to identify & validate threats, and remediate risks.
· Perform interviews with vendors and business units, walk through vendor controls, and document assessments.
· Measure assessments against key controls and industry security standards, e.g., PCI-DSS, HIPAA, ISO27001:13, SSAE18-SOC2 Type2, etc.
· Create professionally written assessments that include findings, requirements, and recommendations to mitigate risk and provide visibility into the adherence to policies and procedures.
· Submit assessment findings, requirements, and recommendations to business partners.
· Develop trusted relationships with business partners, Supply Chain Sourcing, and other team members to gain consensus approvals on strategies, recommendations, findings, and project plans.
Experience:
· Understanding of emerging technologies, including but not limited to mobile and cloud technology (PaaS, SaaS).
· Analytical/critical thinking and problem-solving skills.
· Basic understanding of information technology, network security, encryption, incident management.
· Ability to contribute to a consistent improvement model of team workflow processes, templates, and tools.
· Experience with Risk Management Platforms such as Galvanize / Archer.
· Knowledge of NIST Cybersecurity Framework and how NIST supports the management and reduction of cybersecurity risk.
· Ability to keep up with a complex, high-volume, and fast-paced assessment environment.
· Understanding of vendor questionnaires and responses, e.g., SIG, CAIQ.
· Knowledge of technology industry best practices and standards, e.g., NIST, PCI-DSS, ISO, CSA, etc.
· Ability to simply articulate technical concepts in written and verbal form.