19 Sep
Remote IT Risk Analyst
Iowa, Cedar Rapids, 52401 Cedar Rapids USA

Vacancy expired!

Apex Systems Is Looking For A Remote IT Risk Analyst! To Apply, Please Send an Updated Copy of Your Resume to Adam - ajsmith@apexsystems.com

Role: IT Risk Analyst
Location: 100% Remote

Key Responsibilities
On a day-to-day basis, this position will perform responsibilities such as some or all of the following:

  • Conduct IT control and security focused risk assessments.
  • Perform and document results of application risk assessments.
  • Conduct reviews, identify gaps in architecture, and develop an overall risk management plan.
  • Assist with the verification that application software/network/system security and control postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
  • Validate implementation and functionality of security and control requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
  • Assist in determining whether gaps in security design or controls exist and provide recommendations for remediation and implementation of mitigating controls.
  • Identify security and control requirements specific to an information technology (IT) system in all phases of the system life cycle.
  • Conduct monitoring and evaluation of the effectiveness of the enterprise's cybersecurity safeguards to help ensure that they provide the intended level of protection.
  • Conduct risk analysis whenever an application or system undergoes a major change.
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
  • Provide security input into exception management processes.
  • Verify and update security and control documentation reflecting the application/system security design features.
  • Support the preparation, distribution, and maintenance of plans, instructions, guidance, and standard operating procedures.
  • Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information.
  • Help ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
  • Participate in the policy standards implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
  • Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
  • Help ensure that plans of actions and milestones or remediation plans are in place for remediation tasks identified during risk assessments, audits, inspections, etc.
  • Promote awareness of security and control issues among management and ensure sound principles are reflected in the organization's vision and goals.
  • Assist in the development of security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
  • Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
  • Support the verification that all acquisitions, procurements, and outsourcing efforts address information security and control requirements consistent with organization goals.
  • Work with technology and process delivery teams to ensure that information security is correctly considered and implemented as part of the business-as-usual delivery of solutions, services and processes.
  • Be a point of reference for stakeholders on information security and IT controls delivery across the organization, supporting local security and technology teams.

Qualifications and Skills
All senior level individuals in Information Security GRC are expected to have the following qualifications at or above the documented proficiency levels:
  • Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • Skill in creating policies that reflect system security objectives and control requirements.
  • Excellent communication skills in writing and communicating information in a clear, concise manner.
  • Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
  • Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
  • Knowledge of Risk Management Framework (RMF) requirements.
  • 5+ years of experience working with risk assessments and controls.
  • Bachelor's degree or equivalent knowledge in risk management and controls.
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts, both internal and external to the organization, to leverage analytical and technical expertise.
Preferred Qualifications
  • CISA, CISSP, CISM, or CIA recommended.
  • Financial services experience
  • Experience with GRC solutions
  • Knowledge of public cloud providers (AWS, Azure, etc.)

EEO Employer
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at employeeservices@apexsystemsinc.com or 844-463-6178.
