Sr. Security Risk Analyst

San Jose, CA 95128

Posted: 03/28/2019
Industry: IT Operations
Job Number: 8665
Pay Rate: Not Specified

As a Sr. Security Risk Analyst, Cyber Risk Management, you will be responsible for performing technical security risk assessments, including conducting assessments, writing risk reports, recommending mitigation steps, monitoring mitigation plans and assessing residual risk as part of the continuous risk management lifecycle.

Responsibilities:
Continuously perform the steps in the Risk Management Lifecycle including the following:
* Conduct technical security risk assessments (must have knowledge of Cloud security)
* Conduct risk interviews and gather evidence to support the risk
* Understand technical implementation details necessary to assess and recommend security control improvements and identify compensating controls
* Analyze & score risks leveraging GRC tooling
* Update the security risk register
* Provide security risk reports
* Engage with cross-functional partners for analyzing problems, assessing risk, developing improvement opportunities and/or corrective actions, building consensus and supporting implementation of remediation solutions
* Monitor & report on Risk Remediation Plans
* Support the development and production of metrics to inform on the status and performance of Security Risk Management
* Support KRI development, analysis, trending and reporting
* Support the establishment of thresholds for each risk measurement to facilitate both quantitative and qualitative decision
* Keep up to date with the latest security and technology developments
* Interface with end users as well as all levels of management, senior executives, and technical and business resources

Ideal Candidate Will Have:
* Strong knowledge of Cloud Infrastructure, Applications and coding practices
* 5+ years of cyber risk management experience
* Big 4, Consulting or IT internal audit experience [preferred]
* One or more of the following certifications: CISA, CISM, CISSP, CRISC
* Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant environments
* Communicate and present concisely and effectively based on the appropriate level of management
* Manage competing deadlines and prioritize responsibilities to effectively meet business needs
* Support the development and training of less experienced staff
* Work both independently and as part of a team at all levels and across departments
* Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together
* Possess advanced interview skills to tailor the types of questions based on responses provided by internal personnel or supplier contacts

Basic Qualifications:
* Bachelor's degree or an equivalent combination of education and work experience.
* 5 years information security experience or a combination of information technology work experience and information security experience.
* Demonstrate solid knowledge of information security risks and countermeasures and PCI, HIPAA, SOC2, ISO 27002, FedRAMP and other information security and control frameworks.
* Demonstrate effective verbal and written communication skills for the purpose of explaining technical information to clients, vendors, senior management and staff and ability to apply knowledge and deductive reasoning.
* Strong analytical, problem solving, organizational, documentation, and time management skills. Strong attention to detail. Strong relationship and facilitation skills.
* Proficient with Google Suite applications.