Listing Description
The Senior Threat and Risk Assessment Analyst will assist in the development and implementation of a risk-based Security Program. The position will lead multiple security-related projects and technologies, interfacing with team members within the Information Technology department as well as other internal business units and external partners.
Essential Functions
- Supports internal and external security assessments (e.g. penetration testing, Application Security) and provides IT management direction as to how to remediate findings
- Arranges and provides support to business units launching new technology applications and services to verify that new products/offerings are not at risk of misconfiguration, compromise or information leakage.
- Understands breach and attack simulation solutions for known vulnerabilities and works with the team to validate controls effectiveness.
- Assists with technical aspects of internal and external risk assessments and evaluates control effectiveness
- Monitors, liaises, and reports status of security issues, as needed
- Translates technical security requirements into technical guidance
- Ensures compliance with any applicable information security standards and regulations
- Supports Vendor Risk Management program control activities and ensures third party security risks are evaluated from a technical perspective
- Assists with the technical requirements and achievement of appropriate certification programs surrounding information security
- Develops written technical security standards and procedures considering regulatory requirements and leading practices
- Understands the needs and implications of the various legal, privacy, and regulatory bodies that impact our business and ensures they are addressed
- Monitors, liaises, and reports on compliance of security standards for enterprise systems and applications.
- Supports other essential functions as required by leadership
Job Requirements
- Bachelor’s degree or above in Math, Computer Science, Business Administration, Accounting, Information Systems or equivalent education/experience in Information Technology or Information Security fields
- 1 to 7 years of experience in an IT engineering, software development, IT risk management or information security role required
- GPEN, OSCP, CISA, CIA, CISSP, Threat Scanning Tool experience or other technical certifications desired
- Former PCI-QSA and PCIP experience highly desired
- Demonstrated experience developing security standards and procedures
- Demonstrated knowledge of information security standards and methodologies with general understanding of security processes, tools and latest technologies
- Excellent verbal, written and interpersonal communication skills
- Ability and desire to work in a team environment with minimal supervision
The above statements are intended to describe the general nature and level of work being performed by individuals in, or assigned to, the above position and are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required, and may be changed at the discretion of the Company.
Listing Details
- Salary: $92,000 - $133,000
- Citizenship: US Citizen
- Incentives: Bonus
- Education: Bachelors Degree
- Travel: No Travel
- Telework: No Telecommute