IT Risk & Security Analyst

Monitors, analyzes, and maintains systems and procedures to safeguard internal information systems, networks, databases, and web-based security. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

Required Education must meet one of the following:

• Bachelor's Degree in Computer Science, Electrical Engineering, or related technical field of study or equivalent work experience (Two years' relevant work experience is equivalent to one year college)
• International Degree equivalency
• Applicable certification(s) as defined by the leader + 2 years additional experience
• Associate's Degree in Computer Science, Electrical Engineering, or related technical field + 2 years additional experience

Our Analyst ideally has knowledge of:

• Risk assessment methodologies and processes
• Problem analysis, triage, and trouble-shooting methodologies
• Incident response concepts and processes
• System development life cycle
• Auditing and testing procedures

With the ability to:

• Create technical specifications tied to business risk
• Develop policies, procedures, and standards
• Translate regulatory and policy requirements
• Make proposals to and communicate with management and the user community
• Methodically analyze and solve problems, technical and otherwise
• Perform data collection and analysis
• Collaborate and coordinate with other teams
• Conduct risk assessments and analysis, assign risk scores, and assign priorities
• Develop process and system documentation
• Develop and execute test plans

Your day may look like:

• Documents procedures, practices, and policies to include preparing documents for compliance audits.
• Analyzes and identifies internal risk and security controls to identify existing security weaknesses, external and internal cyber threats.
• Recommends and implements changes to enhance systems security for effective mitigation and remediation efforts and prevent unauthorized access.
• Reports, investigates, and resolves security incidents. Performs root cause analysis, debugging, support, and post-mortem analysis for security incidents and service interruptions.
• Manages risks related to the use of information technology, information security, privacy, regulatory compliance, and governance.
• Ensures compliance with regulations and privacy laws.
• Maintains the Company's information security controls and security architecture, ensuring threats to business systems and applications are minimized.
• May manage access controls to applications. Implements technologies to centrally integrate identify systems across the organization.
• May track and monitor risk activities, notifying action owners, and escalating where required.
• Oversees internal or external systems security (i.e. cloud services)
• Performs initial review or first draft of documentation for the validation, assessment, and authorization of processes necessary to assure that existing and new information technology systems meet the organization's cybersecurity and risk requirements
• Participates in cross-functional teams to recommend design and implementation of standards, tools, and methodologies
• Performs other duties and responsibilities as assigned.

Reasonable accommodations

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.