GDH Consulting has partnered with one of Tulsa's premier enterprise employers to add a Senior Security Risk Analyst to their team.

The Senior Security Risk Analyst provides advice and expertise to IT staff and other departments related to information security issues. The Senior Analyst monitors the threat landscape, prepares risk and vulnerability assessments, creates risk process documentation, and otherwise contributes to the development and maintenance of a sound cyber security program. The Senior Analyst will evaluate internal security controls against industry-standard best practices, established control frameworks, and internal audit requirements. This position is responsible for leading process improvement activities, participating in information security assessment projects and participating in security awareness communication and training activities. The Senior Analyst will participate in companywide projects to ensure that IT risks are known to the business and are remediated, transferred, or accepted. The Senior Analyst will assist the Cyber Security Manager in reporting risk and compliance status and program maturity to business leadership.

As a Sr. Security Risk Analyst you will:
- Oversee the risk assessment and information security awareness processes.
- Conduct internal IT risk assessments.
- On at least an annual basis, conduct or cause to be conducted an IT risk assessment.
- Work with the Cyber Security Manager to develop a schedule of internal risk reviews.
- Coordinate reviews with Internal Audit as required to minimize impact of assessments to business units.
- Interface with end users as well as all levels of management, technical and business sources to complete assessments.
- Be responsible for a deep understanding of business processes and technology used within the assigned areas to ensure that the business is in compliance with regulatory requirements and the Information Policy and applicable procedures, processes and standards.
- Act as primary IT Risk and Compliance representative on IT and business projects to ensure that information security risks are managed appropriately.
- Maintain relationships inside and outside of IT to enable the discovery of risks outside formal risk assessments.
- Evaluate and recommend controls to mitigate information technology, security and privacy risk. Map internal controls to appropriate established industry or other standards (ISO, NIST, etc.).
- Identify and evaluate technology risks internally and/or at third parties, internal controls which mitigate risks, and related opportunities for internal control improvements.
- Understand complex business and information technology management processes.
- Assess application layer security controls to ascertain whether they comply with policies.
- Cloud/SaaS: Develop an understanding of the third parties' IT control environment and apply basic risk management approaches to evaluate their IT controls.
- Actively participate in decision making with third parties and internal Management for mitigating identified vulnerabilities.
- Perform assessments necessary to ensure the safety of information system assets and to protect systems from intentional or inadvertent access or destruction.
- Participate in 24/7 Security Incident Response team activity.