Zyston's client has requested our assistance in helping them locate and hire an Information Security Risk Analyst with a desire to progress into leadership.
This role will allow for some remote work.
Individuals on the Info Sec Risk Analysis team will handle multiple areas, including:
- Business Information Security Office (BISO) experience
- Data Science to build out risk mitigation metrics
- Risk Assessments
- IT compliance
- Assist in implementing the new eGRC tool (ServiceNow GRC)
The Information Security Risk Analyst plays a key role in the Information Security program, with responsibility for collecting and analyzing technical and qualitative security data to provide actionable recommendations to leadership to mitigate security risk.
Focus areas of security assessment by the Information Security Risk Analyst include external threats and trends, applications and infrastructure security, cloud security, third-party security and overall security program effectiveness in mitigating risk.
The Information Security Risk Analyst's goal is to create actionable information for IT and business leadership, and to provide objective assessment of cyber security risks for auditors, regulators and external parties. This requires routinely authoring detailed reports and gathering metrics to ensure stakeholders receive accurate and complete information.
WHAT WILL YOU DO?
- Define analysis objectives, collect data from internal and external sources, and evaluate/analyze data to provide objective information on cyber risks for IT and business management with both summary and detailed reporting
- Assess risk within subject specialty area to evaluate the design and effectiveness of security controls
- Provide insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum security standards and will effectively counter cyber threats
- Create new, and maintain existing, process and procedural documentation for various risk analysis and risk assessment activities
- Participate in other security support projects and duties as needed or requested
WHAT DO YOU NEED TO SUCCEED?
Skills and Knowledge
- 3-6 years of experience in cyber security operations, incident response, IT risk management or investigations
- Experience in banking/financial industry is strongly preferred
- Demonstrated experience analyzing complex cyber security data sets within subject area specialty
- Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk
- Bachelor's degree in business, computer science or related field
- Security certifications (CISSP, GSEC, etc.) are highly desired