Fulcrum Technology Solutions is hiring for a Sr. Risk Analyst in the Houston market. The position is primarily remote with on-site meetings and events as needed.
The Information Security Cyber Risk Analyst is responsible for conducting security risk assessments of third-party vendors and their solutions to ensure compliance with the organization's information security standards. This role involves evaluating potential risks, documenting findings, and communicating recommendations to leadership and stakeholders. The Cyber Risk Analyst collaborates with internal teams to ensure the organization is well-informed about the risks associated with third-party solutions and the steps taken to mitigate them.
RESPONSIBILITIES/ESSENTIAL FUNCTIONS
- Perform security risk assessments of third-party vendors and their technical solutions.
- Document and report findings, including an overview of the vendor, solution description, identified risks, and proposed mitigation strategies.
- Present assessment reports to Cyber Risk leadership and stakeholders, ensuring clear communication of risk levels.
- Collaborate with stakeholders to review and address risks identified in the assessment process.
- Track and monitor identified risks until they are mitigated or resolved according to established risk treatment plans.
- Provide guidance on the organization's Information Security policies, procedures, and standards.
- Stay up to date on the latest developments in IT technology and security practices to enhance the organization's risk management efforts.
COMPETENCIES/REQUIRED SKILLS
- Strong ability to critically analyze both existing and emerging third-party solutions.
- Technical proficiency in understanding and evaluating varying solution architectures, including on-premise, cloud, and hybrid environments.
- Knowledge of security concepts and tools, such as Identity and Access Management, Data Security, Network Security, and Endpoint Protection.
- Experience with risk management frameworks and their application in assessing and addressing risks.
- Excellent writing skills for producing well-organized and professional reports.
- Strong interpersonal and communication skills for collaborating across teams and levels within the organization.
- Ability to manage multiple tasks, prioritize effectively, and meet deadlines.
- Familiarity with industry-standard security certifications, regulations, and frameworks.
QUALIFICATIONS AND EXPERIENCE
- Bachelor's degree in Information Security, Information Technology, or a related field, or equivalent work experience.
- 6-8+ years of experience in an information security-related role.
- 6-8+ years of experience in information technology.
PREFERRED EDUCATION
- Information Security certifications such as CISSP, CISM, CISA, or CRISC are highly preferred.
Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the functions.
- Long periods of computer use and communication via phone and email.
- Visual acuity required to read reports, charts, and documents.
- Regular verbal communication with team members and stakeholders.
- Occasional lifting of items up to 10 pounds.
Acknowledgment
The position specifications described herein are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made for individuals with disabilities. Requests for accommodation should be directed to the Human Resources Department.