Sr. Information Security Risk Analyst

Job Number:

21-00119

Location:

Columbia, SC

Onsite Flexibility:

Onsite

Job Description

Qualifications:

  • Degree in information assurance, information systems, risk management, auditing, computer science, or related field OR the equivalent in education and work experience
  • 8 years of experience in the information security field with at least 3 years of information security risk management and/or operational risk, developing and executing information security risk assessments using industry standard approaches, methodologies, and frameworks (NIST and financial services regulations)
  • CISSP, CISM, CISA, CRISC, or equivalent industry recognized certification preferred
  • Strong/experienced application development and/or application security background with solid knowledge of SDLC from design, testing, deployment to post-production and the different risk elements associated with each step
  • Expert knowledge of, and demonstrable experience in, application security, vulnerability testing, and development of risk appetite, as well as significant experience evaluating and cybersecurity controls
  • Strong awareness and experience with industry risk analysis approaches (ISO, COBIT, COSO), as well as all industry regulations and standards (SOX, GLBA, FFIEC, OCC, HIPAA, PCI DSS, NIST, OWASP)
  • Ability to interact with business stakeholders and technical personnel at all levels
  • Experience organizing, participating in, and executing critical time-sensitive projects
  • Experience interacting with project managers, vendors, architects, technical experts, and management
  • Ability to work effectively with limited supervision with business and technical personnel at all levels of the organization
  • Effective at managing personal time and effort across multiple concurrent project assignments
  • Contribute knowledge and recommendations for risk-based assessments on emerging technologies, vulnerabilities, threats, and associated risks

Responsibilities:

  • Foster a culture of collaboration and responsible risk management through the definition of and adherence to appropriate risk appetites, control frameworks, policies, and directives
  • Serve as information security subject matter expert for business line projects and participate in the development, implementation, and maintenance of information security
  • Assist with enterprise information security risk deliverables and collaborate with risk partners on information security priorities
  • Perform information security risk assessments, decompose complex risk issues and gain business line consensus on risk level and risk response to include acceptance and mitigation of risks, and establish and communicate residual levels
  • Identify and evaluate complex technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
  • Perform pre- and post-contract risk assessments, as well as ongoing service and compliance monitoring to ensure the continued adherence to applicable industry regulations, standards, policies, and directives
  • Maintain information security by monitoring and ensuring compliance with policies, directives, and standards; contribute to developing and conducting training
  • Understand the difference between KPIs and KRIs
  • Analyze data to produce specific, measurable, actionable, relevant, time-bound metrics for senior and executive management
  • Monitor information security trends, internal and external, and keep business lines informed about information security-related issues

TM Floyd & Company offers a generous array of benefits, depending on the length of assignment. We also offer a referral bonus of up to $1,000. Ask us for more details!

TM Floyd & Company participates in E-VERIFY
AAP, EEO
