19 Sep
Remote IT Risk Analyst
Vacancy expired!
Apex Systems Is Looking For A Remote IT Risk Analyst! To Apply, Please Send an Updated Copy of Your Resume to Adam - ajsmith@apexsystems.com

Role: IT Risk Analyst
Location: 100% Remote

Key Responsibilities

On a day-to-day basis, this position will perform some or all of the following responsibilities:
- Conduct IT control and security focused risk assessments.
- Perform and document results of application risk assessments.
- Conduct reviews, identify gaps in architecture, and develop an overall risk management plan.
- Assist with the verification that application software/network/system security and control postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
- Validate implementation and functionality of security and control requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
- Assist in determining whether gaps in security design or controls exist and provide recommendations for remediation and implementation of mitigating controls.
- Identify security and control requirements specific to an information technology (IT) system in all phases of the system life cycle.
- Conduct monitoring and evaluation of the effectiveness of the enterprise's cybersecurity safeguards to help ensure that they provide the intended level of protection.
- Conduct risk analysis whenever an application or system undergoes a major change.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Participate in the Risk Governance process to provide security risks, mitigations, and input on other technical risks.
- Provide security input into exception management processes.
- Verify and update security and control documentation reflecting the application/system security design features.
- Support the preparation, distribution, and maintenance of plans, instructions, guidance, and standard operating procedures.
- Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information.
- Help ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
- Participate in the policy standards implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
- Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
- Help ensure that plans of actions and milestones or remediation plans are in place for remediation tasks identified during risk assessments, audits, inspections, etc.
- Promote awareness of security and control issues among management and ensure sound principles are reflected in the organization's vision and goals.
- Assist in the development of security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Support the verification that all acquisitions, procurements, and outsourcing efforts address information security and control requirements consistent with organization goals.
- Work with technology and process delivery teams to ensure that information security is correctly considered and implemented as part of the business-as-usual delivery of solutions, services and processes.
- Be a point of reference for stakeholders on information security and IT controls delivery across the organization, supporting local security and technology teams.
- Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
- Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework).
- Skill in creating policies that reflect system security objectives and control requirements.
- Excellent communication skills, including writing and communicating information in a clear, concise manner.
- Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
- Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
- Knowledge of Risk Management Framework (RMF) requirements.
- 5+ years of experience working with risk assessments and controls.
- Bachelor's degree or equivalent knowledge in risk management and controls.
- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts, both internal and external to the organization, to leverage analytical and technical expertise.
- CISA, CISSP, CISM, or CIA recommended.
- Financial services experience
- Experience with GRC solutions
- Knowledge of public cloud providers (AWS, Azure, etc.)