Dice is the leading career destination for tech experts at every stage of their careers. Our client, Codice, is seeking the following. Apply via Dice today!
POSITION SUMMARY:
CODICE seeks a highly skilled and experienced Human Risk Analyst. The Human Risk Analyst will be responsible for identifying, assessing, and mitigating risks associated with staff and customer behavior. This role focuses on developing strategies to enhance security awareness, ensure policy compliance, and reduce human-related risks, such as phishing attempts and compliance failures. The analyst will work closely with various client departments to implement effective risk management practices and foster a culture of security and compliance.
Duties And Responsibilities
- Security Awareness and Training:
- Design, implement, and evaluate effective security awareness programs to educate employees on cybersecurity best practices.
- Utilize tools and platforms (e.g., KnowBe4) to deliver engaging and interactive security training sessions.
- Social Engineering:
- Understand and remain current on social engineering techniques and attack vectors, such as phishing, pretexting, and baiting.
- Design and conduct social engineering assessments and simulations to test and improve organizational resilience.
- Risk Assessment:
- Apply risk assessment methodologies and frameworks (e.g., NIST, SOC 2) to identify and assess human-related security risks.
- Conduct comprehensive risk assessments focusing on human factors and behavior to pinpoint vulnerabilities and areas for improvement.
- Behavioral Analytics:
- Analyze user behavior using behavioral analytics to identify anomalies and potential security threats.
- Employ tools and techniques for monitoring and analyzing user activity to proactively address and mitigate risks.
- Compliance and Regulation:
- Ensure adherence to data privacy regulations and compliance requirements related to human risk.
- Develop and implement strategies to ensure compliance with legal and regulatory standards.
- Communication and Training Materials:
- Create and deliver engaging and informative training materials and presentations.
- Communicate effectively with employees at all levels to promote a culture of security and compliance.
- Develop written policies, guidelines, and procedures that support security awareness and risk management initiatives.
- Project Management and Collaboration:
- Lead or participate in projects focused on reducing human-related risks and enhancing security awareness.
- Collaborate with various departments to integrate risk management practices into organizational processes.
Knowledge, Skills And Abilities
Security Awareness and Training:
Designing Security Programs:
Expertise in creating, implementing, and evaluating comprehensive security awareness programs tailored to different organizational needs.
Ability to measure the effectiveness of security programs and make necessary adjustments.
Tools and Platforms:
Proficiency in using security training delivery platforms such as KnowBe4, demonstrating a deep understanding of their features, analytics, and reporting capabilities.
Experience Required:
At least 3-5 years of experience in developing and managing security awareness and training initiatives.
Social Engineering:
Attack Vectors:
In-depth understanding of various social engineering techniques, including phishing, pretexting, and baiting.
Assessments:
Proven ability to design and conduct social engineering assessments and simulations to test and improve organizational resilience against these types of attacks.
Experience Required:
At least 2-3 years of experience in conducting social engineering tests and creating preventative strategies against these attack vectors.
Risk Assessment:
Methodologies and Frameworks:
Proficiency in applying risk assessment methodologies and frameworks such as NIST, SOC 2, and other industry standards.
Human Factors:
Experience in conducting risk assessments with a focus on evaluating and mitigating human factors and behavior-related risks.
Experience Required:
At least 3-5 years of experience in performing risk assessments, particularly those focusing on human-related security risks.
Behavioral Analytics:
Behavioral Insights:
Strong understanding of behavioral analytics to identify and analyze user behavior, detecting anomalies indicative of security risks.
Monitoring Tools:
Familiarity with various tools and techniques for monitoring and analyzing user activity, with the goal of preemptively addressing potential threats.
Experience Required:
At least 2-3 years of experience in behavioral analytics within a cybersecurity context, including anomaly detection and user activity monitoring.
Qualifications
Required Education:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Required Experience:
Cybersecurity and Risk Management:
- A minimum of 3-5 years of experience in cybersecurity or risk management, including:
- Comprehensive experience in managing human-related security risks, including the development and implementation of security awareness programs.
- Practical experience in leading or significantly contributing to projects focused on reducing human-related risks.
- Demonstrated ability to create a culture of security and compliance through effective communication and policy enforcement.
Experience Required:
- At least 3-5 years in cybersecurity, risk management, or a related field.
Communication Skills:
- Ability to draft clear and effective security policies, training materials, guidelines, and incident reports.
- Proficiency in delivering engaging presentations and training sessions to diverse audiences.
- Interpersonal Communication:
- Strong interpersonal skills to effectively communicate with employees at all levels, fostering an environment of open dialogue regarding security practices.
- Proven track record of excellent written and verbal communication skills demonstrated through at least 3 years of professional experience.
Psychological Principles and Behavioral Change:
- Understanding Human Behavior:
- Solid knowledge of psychological principles related to human behavior, decision-making, and susceptibility to social engineering attacks.
- Ability to design and implement strategies to influence and change employee behavior toward better security practices.
- At least 2-3 years of experience applying psychological principles to influence behavior in a professional setting.
Compliance and Regulatory Knowledge:
- Data Privacy Regulations:
- Deep understanding of data privacy regulations, such as GDPR, HIPAA, and other relevant legal frameworks.
- Experience in developing and enforcing policies that ensure organizational compliance with data privacy and security regulations.
- At least 2-3 years of experience in ensuring compliance with legal and regulatory requirements related to human risk.
Project Management:
- Experience in leading or managing security initiatives and projects aimed at mitigating human-related security risks.
- Proven ability to work collaboratively with various departments to integrate risk management practices into organizational processes.
- Demonstrated experience participating in or leading projects for at least 2-3 years.
Required Licensure/Certification:
- Relevant industry certifications that add value and demonstrate expertise in cybersecurity and risk management, such as:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Security Awareness and Training Program Manager (SATPM)
- Certified Cybersecurity Awareness Professional (CCAP)