If you are interested in the job below, call me (Pragati) on 703-889-6559 or email at email@example.com. Thanks!
Job Title: Security Risk
Location: Houston, TX 77019 (Contract to Hire)
Duration: 0 – 6 Months Contract
Hours: 08:00 PM – 05:00 PM
· Responsible for assisting with the operational activities of the Cyber Risk Management and Governance Program.
· Identifies IT risk and works with appropriate stakeholders to complete remediation activities.
· Third Party Risk Management
· Work with business units and third parties to evaluate the risk of vendor relationships.
· Perform risk assessments on third parties and translate IT risks into business risks.
· Translate cyber risk into business risks and communicate this to business units.
· Document identified risks and follow up on remediation activities through completion.
· Application Security Assessments
· Assist in the development of an application security assessment program.
· Perform application security assessment on both internal and external applications.
· Document risks associated with internal and external applications.
· Manage the remediation activities associated with applications.
· Risk Assessments
· Supports internal and external audits, control reviews, risk assessments, and reporting as required
· Tracks and manages action plans for the resolution of issues identified during assessment and audits. Performs analysis and reporting of compliance gaps.
· Will assist in the implementation of action plans as well as provide compliance support to projects in order to improve performance of IT controls.
· Collects and performs data analysis to ensure compliance with IT controls. Generates and distributes security compliance metrics.
· SOX Control Review
· Complete required SOX controls within the required time frame.
· Work with other departments within IT to obtain the required evidence for SOX controls.
· Perform analysis on SOX control evidence to ensure all controls have been performed according to the requirements.
· Work with both internal and external auditors to provide evidence of compliance.
· Vulnerability Management
· Identify information system vulnerabilities through automatic and manual means.
· Prioritize vulnerabilities based on the risk to SCI information systems and data.
· Follow up on remediation activities to ensure identified risks are mitigated.
· Assist in preparation of metrics and reporting for vulnerability management activities.
· Security Awareness Training
· Assist with the development of security awareness communications.
· Assists with the execution of phishing email exercises.
· Security Policies, Standards, and Procedures
· Works with manager to maintain an up-to-date understanding of industry best practices or frameworks such as NIST CSF, ISO, HIPAA, PCI, etc.
· Benchmarks with IS risk management practices of other companies.
· Assist with the development of cyber security policies, standards, and procedures.
· Assist with the annual review of cyber security policies and provide input for improvements.
· Security Incident Response
· Assist with responses to cyber security incidents such as malware detections and malicious activities.
· Respond to security escalations received from the Security Operations Center (SOC).
· Research security incidents, document findings, and provide remediation activities.
· Utilize in-house security tools when researching security incidents (IPS, Antivirus Management Console, etc.)
· Manage the cyber security queue in the IT ticketing system.
· Participate in a rotating on-call schedule to respond to after-hours incidents.
· Bachelor’s degree in Information Systems, Business or related program preferred.
· Industry certifications highly preferred (ISSP, SSCP, CISM, CISA, CCSP).
· Strong working knowledge of information systems security standards and practices.
· Three (3) years’ experience in Information Security with a focus on Risk Management
· Experience working with outsourced providers in the delivery of IT Security services
· Experience working with law enforcement, industry groups and other forums to stay abreast of new developments and to gain knowledge of best practices
Knowledge, Skills & Abilities:
· Demonstrated ability to envision and integrate various security technologies and controls into a cohesive architecture that sufficiently mitigates risk to the organization.
· Proven ability to author strategic security roadmaps and translate into execution plans to drive desired outcomes.
· Ability to communicate clearly and effectively with technical and business stakeholders.
· Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level presentations.
· Solid problem solving and analytical skills; able to quickly digest issue/problem encountered and recommend an appropriate solution.
· Solid data analytic skills required to correlate multiple data points.
· Advanced Computer Skills - Microsoft Office: Advanced in Excel (Pivot tables, VLOOKUPs), Visio, or ACL/Access (not required, but preferred)