IT Security Risk Analyst

IT Security Risk Analyst

Location: Remote

• Manage multiple concurrent risks and exceptions against our systems and products and coordinate with architecture, vulnerability management, cloud operations, product, and business teams.
• Familiarity with risk frameworks such as ISO/IEC 27005, NIST RMF, and FAIR, including experience in analyzing the potential impact and likelihood of identified IT security risks.
• Prioritizing risks based on severity and likelihood, considering data sensitivity, compliance requirements, and business impact.
• Accurately record identified IT security risks in the risk register, including detailed descriptions of risks, potential impacts, and mitigation measures.
• Develop IT security risk mitigation strategies, such as collaborating with risk owners to implement firewalls, encryption, access controls, and intrusion detection systems.
• Assign responsibility for implementing risk mitigation measures to appropriate IT stakeholders/process owners and conduct follow-ups to ensure mitigation efforts are on track.
• Regularly review and update the risk register to reflect new IT security risks and changes in existing risks.
• Monitor the effectiveness of IT security measures and update them as necessary to address evolving threats.
• Communicate IT security risk-related information effectively across the organization, including to non-technical stakeholders.

Skills:

Familiarity with risk frameworks such as ISO/IEC 27005, NIST RMF, and FAIR, including experience in analyzing the potential impact and likelihood of identified IT security risks.

Education: Four Degree with 2-3 experience or 5-6-year experience.

#DICE

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.