Security Risk Analyst III

Spectraforce Technologies, Columbia, SC, United States
5 days ago
Job type
  • Full-time
Job description

Title : Security Risk Analyst III

Duration : 12 months

Location : Columbia, SC

Partial Onsite : Tuesday, Wednesday, Thursday onsite and as needed

C2 eligibility is required

Duties :

  • Plan and perform compliance and risk assessment activities for information systems and related processes.
  • Communicate and escalate compliance and risk issues to the appropriate department and / or level of management. Act as a change agent to influence the I / S and corporate compliance culture.
  • 20% Independently monitor remediation of new and outstanding issues, including Information Security Risk Exception process, to ensure identification of areas of non-compliance.
  • Utilize tools to track and report on compliance posture.
  • 20% Independently conduct formal risk analysis and self-assessments to determine effectiveness of controls and ensure creation of action plans to remediate identified risks.
  • 20% Facilitate development, implementation and documentation of Information Security policies, procedures, processes and programs to guide organization toward continuous compliance.
  • Independently analyze and interpret security regulations and controls to advise on security compliance at a broad perspective across multiple business areas. Consult on organizational impacts of compliance and risk management decisions.
  • 20% Serve as an interface with external entities for governance and compliance reviews regarding information security risk across multiple business areas and controls.
  • 10% Independently investigate, document and resolve Information Security Incidents. Advise senior management of critical issues that may affect organization.
  • 10% Research emerging security topics, threats and capabilities to create / update policy and governance.
  • Promote organizational security awareness by developing security training, Security Council bulletins, security policies, standards and best practices.

Requirements :

Candidates Technical Background :

  • Experience with NIST, FISMA, COBIT, SSAE16, PCI, SOX, HIPAA, or other regulatory requirements.
  • Experience working on Security Management Plan
  • Experience with working on vulnerability matrices
  • Experience with the scanning and remediation of I / S assets using automated tools is beneficial (e.g. Nessus, AppDetective, Vanguard, etc.).
  • Knowledge of technical security controls from NIST, DISA, USGCB, etc. compliance domains across multiple platforms.
  • Deep understanding of security risk exposures and how vulnerabilities can be translated into business risk that leadership understands.
  • Advanced knowledge on security risk assessment execution.
  • Expert level knowledge on risk mitigation strategies.
  • Excel expert with the ability to analyze, trend and forecast from high volumes of compliance data.
  • Proficient with MS Word.

Preferred / Highly Desired Skills :

  • Experience with compliance programs within a government agency (i.e. Medicare, Tricare) is preferred.
  • Direct experience with NIST 800-53 security frameworks.
  • Any experience with Visio or PowerPoint a plus.
  • Any experience with DoD, DIARMF or FedRAMP programs is a plus.
  • SQL experience a plus.

Required Skills and Abilities :

  • Good understanding of Systems Development Life Cycle methodologies.
  • Subject Matter Expert in government or private risk frameworks and control implementations.
  • Good understanding of risk management, information system security and compliance standards.
  • Excellent analytical and decision-making skills.
  • Proven ability to interpret and apply knowledge of regulatory / accreditation requirements.
  • Ability to independently solve problems often spanning multiple environments and business areas.
  • Ability to effect change and bring security, risk and compliance knowledge to the organization through the use of positive influence.
  • Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets and communication protocols.
  • Strong communication skills in presenting results both verbally and in writing.
  • Possess excellent collaboration skills with a wide variety of internal matrix and management staff.

Required Software and Other Tools : Standard office equipment.

Work Environment : Fast paced, multi-platformed environment which may require action and response 24X7 to support the technical business needs of the customer.

Required Education : Bachelor's Degree in Computer Science, Information Technology or related degree.

Required Degree Equivalency : 4 years of job related work experience or 2 years of job related experience plus an associate's degree in Computer Science, Information Technology or other job related degree.

Required Work Experience : 6 years of I / T experience including 4 years of IT security, risk assessment and / or compliance experience. Successful completion of Client's Entry Level Training Program (ELTP) may be substituted for 2 years of I / T experience.