IT Risk Services Analyst
Job Description
Responsibilities:
· Work with project teams to provide Privacy Impact Assessments
· Conduct IT Risk Assessments on External Vendor’s system architecture and design to ensure the security requirements meets maturity levels
· Review third party RFP responses with security architects, and evaluate SSAE16 SOC Type 2 reports and similar reports to identify key areas concerning security, risk and compliance
· Conduct training to project services resources on risk, security assessment process, and data privacy assessment process
· Assist with internal and external audits and assessments
· Assist with the development of programs to ensure compliance to regulatory requirements
· Perform other IT related assessments as assigned
Maintenance of Standards & Policies
· Contribute to the maintenance of IT Policies – Clean Desk Policy, AD Password Policy
· Create work instructions for evaluating requests against Standards & Policies
· Evaluate requests and applies the IT exception processes to these requests
· Clearly document and define risks and potential impacts and identify systems affected by the defined risk
Communication of IT Risk Services policies and standards
· Maintain and contribute to SharePoint sites regarding IT Risk content
· Create and/or coordinate training sessions as required
· Monitoring IT Risk Services mailbox and respond to requests and customer inquiries
· Answer and respond to ServiceNow help-line tickets – Administrative Rights, Removal and System identification, Ensure Software Compliance, Wireless Access Control, Email and Distribution list request, Vendor Network Access, Browser Exceptions
· Log and follow up on customer issues
· Interact with other teams: Global Information Security, Global Security, Cyber Security, and IT Teams as required
Disaster Recovery
· Track and assist with the completion and updating of Component Recovery Plans
· Communicate recommended business continuity preparations and controls, including deficiencies, to business units
· Approve restoration of Backup Data to DR sites
· Participate with internal audits and testing of Component and Disaster Recovery Plans
Monitoring & Reporting
· Provide summary and status reports regarding assessments and project status
· Summary reports exception requests and status
· Awareness of all risk-centric tools within the environment
CONDITIONS OF WORK: (Note any travel requirements or physical demands required. Also note if employee will be exposed to any hazardous conditions.)
· On call rotation may be required
· Occasional after hours and weekend work required
· Occasional travel between the business sites may be required
Qualifications:
· Bachelor’s degree preferred, with 3-5 years’ information risk management experience preferred and/or advanced degree in related field
· Educational, Licenses and Certificates.
· CISSP certification or SANS certificates or certification preferred
· 3 + years’ experience working with project teams
· Understands risk and security processes and uses the knowledge to respond to customer inquiries
· Strong technical writing and oral communication skills
· Customer Focus
· Experience interacting with internal customers and vendors
· Organizational sensitivity with the ability to deliver a tough message to associates at all levels
· Possess a professional attitude and work ethic in addition to being well organized and efficient
· Strong computer skills, including operating systems and software with SharePoint experience a plus
· Ability to instill trust; high standards of integrity
· Flexibility and adaptability – adapts to changing priorities
· Self-starter – demonstrates personal initiative; high personal work standards
· Decisive evaluation of risk for applications and infrastructure required
· Requires reading of white papers, briefs, and attending seminars and training to maintain current in technology and IT risk issues and concerns
Qualifications:
· Bachelor’s degree preferred, with 3-5 years’ information risk management experience preferred and/or advanced degree in related field
· Educational, Licenses and Certificates.
· CISSP certification or SANS certificates or certification preferred
· 3 + years’ experience working with project teams
· Understands risk and security processes and uses the knowledge to respond to customer inquiries
· Interact with other teams: Global Information Security, Global Security, Cyber Security, and IT Teams as required
Kind Regards,
Pramod Kumar
Technical Recruiter
Integrated Resources, Inc.
DIRECT # - 732-844-8730