The ideal candidate will have good research, writing, and presenting skills, a desire to solve complex problems, and the drive to complete assignments on-time with minimal oversight.
This position will be part of a team that will be responsible for driving visibility and have understanding of information security risk management to contribute and influence strategic decision making across the enterprise.
Risk Key Responsibilities:
- Intake and analysis of identified cyber security issues and risks from a variety of sources including security assessments, compliance checks, automated vulnerability systems, and other internally or externally reported risks.
- Complete analyses and reports to develop a comprehensive view of risk across the company.
- Assist and track for accurate risk measurement and response activities, provide necessary information and analysis to help business leaders prioritize risks
- Review and track action plans developed by risk owners and ensure plans are completed appropriately
- Perform ad-hoc risk analysis as assigned
- Review and advise on internal security capabilities in the context of negotiations with customers or auditors.
- Perform other duties as assigned.
Minimum Requirements/Qualifications:
- 5+ years’ experience in risk analysis, information risk management, , data privacy, information technology, or equivalent with exposure to cybersecurity and/or information security risk.
- Bachelor’s Degree in Risk Management, Information Assurance, Information Security, Cybersecurity, IT, Law or Data Privacy or equivalent work experience.
- Experience with risk analysis.
- Ability to explain complex risk management topics to a broad audience
- Understanding of relevant industry frameworks such as ISO 27001 series, NIST 800-53, FISMA and others
- General understanding of cybersecurity technologies and controls with the ability to bridge the gap between governance and technical concepts
- Excellent writing skills, with experience as a writer or technical editor is considered a plus
- Demonstrated ability to complete work with minimal direction and self-identify tasks
- Excellent written and oral communication skills with experience presenting to senior leadership
- Strong interpersonal, organizational, and excellent documentation skills
- Excellent customer service skills
- Relevant certifications such as CRISC, CISSP or CISA are considered a plus
- Experience of various risk management frameworks such as the NIST Risk Management Framework or Center for Internet Security Risk Assessment Methodology will be considered plus.
Non-Negotiable Hiring Criteria:
- Strong attention to detail, organizational skills, time management
- Excellent verbal and written communication skills
- The ability to interact professionally with a diverse group: executives, managers, and subject matter experts.
- Ability to take direction and independently work through projects as required
To apply for this role visit: IT Security Engineer
Medium Level
Type Fixed
Duration: 03 to 06 months