Title: Information Security Analyst
Location: Richmond, VA – Hybrid 3 days onsite/2 days remote
Term: long term contract
Job Duties:
- Participating in Information Security and Privacy efforts across all business areas and vendor engagements to ensure the most appropriate security controls are in place and adhered to by all parties.
- Working within a Governance Risk and Compliance (GRC) system to add and update information security information, records, and documentation.
- Partnering with business stakeholders to develop and maintain Information System Security Plans (SSPs).
- Representing the Information Security Office in PMO-led projects to ensure significant projects have appropriate ISO representation.
- Partnering across teams, collaborating with users to understand business challenges, developing options tailored to providing value, facilitating compliance, and providing timely and clear communications.
- Assisting with development and maintenance of information security standards and processes, including conducting occasional research from various reputable sources.
- Assisting with controls documentation, including information system diagramming, populating risk assessment templates, and drafting control narrative documentation for business approval.
- Assisting in reviewing contracts, agreements, and other vendor documentation to assure adequate information security protections are in place.
Requirements:
- At least three (3) years of demonstrated experience in Information Security concepts related to governance, risk and compliance.
- Extensive knowledge of the principles and practices of information security.
- Extensive knowledge of the principles and methods applied to information technology infrastructure planning, implementation, and management.
- Ability to organize work, set priorities, meet established deadlines, and follow up on assignments with a minimum of direction.
- Familiarity or experience working with a security framework (NIST, ISO 27001, COBIT, etc.).
- Superior organizational skills and attention to detail.
- Ability to continually prioritize and change or adapt to ambiguous situations.
- Experience drafting Information Security and Privacy policies, standards, and procedures.
- Ability to interpret and understand security documentation including flow diagrams and process maps.
- Ability to understand general contract terms and conditions.
- Ability to create diagrams, flowcharts, and spreadsheets using desktop software.
- Ability to write clearly and concisely for various audiences.
Preferred experience includes:
- Bachelor's degree in Computer Science or Information Systems or equivalent. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or equivalent information security certification is preferred.
- Previous experience working in the financial services industry is preferred.
- Knowledge of controls related to cloud security and application security.
- Knowledge of Information Security regulatory compliance (e.g., GLBA, GDPR, PCI, etc.).
- Knowledge of various privacy regulations (e.g., GDPR, CCPA, VCDPA, etc.).