Information Security Risk Analyst
Job Description
*Collaborate with supplier relationship managers to help document the inherent risks in certain third-party relationships and the controls in place to ensure a secure and compliant engagement
*Be responsible for reviewing security controls and/or regulatory compliance measures present at high and critical-rated Third Party Providers
*Develop reports to help management, business line management and other risk-related stakeholders understand the status of ongoing assessments, the actions required to remediate risks, and the risk posture of certain business units as it relates to vendors
*Collaborate with Legal and Procurement groups to ensure that contracts with third parties reflect an appropriate level of control for IT/security risks.
Qualifications/Skills
*IT Audit or Information Security experience, particularly in a role related to third party risk assessment
*Familiarity with reviewing SSAE16 and other independent reports, and a strong knowledge of applicable federal and state privacy/security laws and accreditation standards
*Proven ability to translate complex regulations (ISO, SOX, NIST, UK PRA, EU Data Directive, HIPAA, and PCI, etc.) into clear, easily understood action plans
*Effective written and oral communication skills
*Strong negotiation skills
*Ability to train others in security concepts
*Ability to synthesize data about information risks to identify hidden trends and themes, and to communicate this information to internal stakeholders
*Industry certification a plus (CISSP, CISA or CISM, etc.)