Cyber Security Risk Analyst
Our Northern MA client is looking for an experienced Cyber Security Risk Analyst. The ideal candidate has worked in the security risk management space and possesses strong knowledge of security risks, vulnerabilities, and threats. Their primary responsibility will be to determine application security requirements; plan, test and implement security controls; and develop security standards, policies and procedures.
Cyber Security Risk Analyst Key Responsibilities
- Determine inherent risks of current and prospective third-party products, services and data partnerships
- Design and execute third-party security assessments and prioritize control remediation as appropriate
- Review processes and build metrics that help educate internal organizational leaders on their third parties’ information security profile
- Demonstrate strong knowledge in IT controls, risk assessments, gap assessments and the design and testing of security controls
- Work with external audit teams for NIST, PCI, SOC and other audits
Cyber Security Risk Analyst Experience and Required Skills
- 5+ years of related work experience in Information Security GRC or relevant Audit or Compliance roles.
- Familiar with information security frameworks (e.g., ISO 27001/2, SOX IT Controls, COBIT, SOC 2 Trust Principles, PCI DSS, NIST 800-53/CSF).
- Prior experience conducting and analyzing security risk assessments for complex organizations.
- Experience with enterprise security monitoring and vulnerability scanning tools (e.g., Nikto, Netsparker, Nexpose, Qualys or OpenVAS).
- Experience organizing tabletop exercises for disaster recovery and incident response.
- Must be flexible, adaptable, and work easily with other people in a collaborative team environment.
- Able to communicate relevant information clearly and concisely both verbally and in writing.
- Able to work independently on multi-task assignments in a fast-paced environment with a high sense of urgency.
- Bachelor’s degree in Information Security, Computer Science, Management Information Systems or related field preferred.
- Professional certifications in Information Security or Risk Management (e.g., CTPRA, CTPRP, CISA, CISM, CRISC, or CISSP).
For more information about this position or to apply, please contact Justin Davidson at Justin@compass-sys.com