Sr. IT Risk and Security Analyst - 100% REMOTE

Posted 4 days ago United States Salary undisclosed

Job Description

Clover Consulting has a large, direct client in need of a Sr. IT Risk and Security Analyst. The term of this contract position is 6 months, with a strong chance of long-term extension. This is a 100% REMOTE position and will remain so for the entirety of the contract.

Your Experience Includes

  • 10+ years of work experience in information security, especially in an information risk analysis role
  • 6+ years of experience with regulatory compliance and information security management frameworks (e.g., International Organization for Standardization [ISO] 27000, COBIT, National Institute of Standards and Technology [NIST] 800)
  • One or more of the following certifications: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); Certified Information Systems Auditor (CISA)

About the Role - You Will:

  • Evaluates the organization for potential security risks, opportunities for improvement, and proposes solutions for minimizing and mitigating the risks identified.
  • Designs and coordinates enterprise-wide privacy risk assessments to identify key privacy risks and prioritize compliance monitoring efforts for the Privacy Compliance function and areas of focus across the enterprise.
  • Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
  • Leads examinations and monitoring activities over a spectrum of IT Security / Cybersecurity topics to determine the effectiveness of the client's IT risk management program and validate remediation efforts for identified issues.
  • Works with management in the development and implementation of appropriate internal controls and measurements to reasonably ensure that the activities of the organization comply with the law, regulation, and rules.
  • Develops and coordinates security and vendor risk management frameworks, policies and processes within a broader enterprise, operational and IT risk management model.
  • Engages the leadership team, employees, and volunteers in a culture of security and safety.
  • Owns security risk register and related functions.
  • Coordinates the identification and ranking of security risks and vendor risks.
  • Coordinates the classification and tiering of vendors by risks and risk impacts.
  • Tracks identified risks and risk events.
  • Performs compliance audits to determine whether established protocols are being followed and where they can be improved.
  • Communicates identified risk requirements and violations to internal stakeholders (and end users within the business) and responsible vendors while supporting the response to and the addressing of these issues.
  • Builds communication and escalation plans around security risk management and vendor risk management activities within the enterprise.
  • Ensures the organization maintains appropriate IT Security, administrative, technical, and physical safeguards to protect information and work in collaboration with head of security or designee.
  • Understands and applies relevant regulatory and legal compliance requirements.
  • Manages vendor risks as defined in vendor contracts and in accordance with existing risk management programs and policies.
  • Develops, monitors and possibly executes vendor remediation actions, mitigation and contingency plans when risks or events are identified.
  • Partners with sourcing and vendor relationship/contract management functions, where they are not part of this group, to manage vendor behavior.
  • Collaborates, as appropriate, with information security, finance, compliance and/or disaster recovery and business continuity management and other risk functions to maintain an enterprise risk management program.
  • Reviews contracts for appropriate security language and coordinates with legal to ensure correct contract language is managed for all vendors.
  • Collects and reviews SOC1 and SOC2 reports and vendor security questionnaires for appropriate security controls.
  • Works with regulatory officers and auditors as necessary.
  • Examines subrecipient single audit reports, financial statements, and other financial documentation. Evaluates subrecipient findings and corrective action plan, assigns subrecipient financial risk assessment level, maintains subrecipient risk assessment database and completes and sends management decision letters.
  • Performs focused information risk assessments of existing or new services and technologies, along with business counterparts.
  • Determines compliance metrics/KPIs, establishes and maintains systems for tracking compliance practices, and develops dashboards and reports on risk and privacy.
  • Builds dashboards and reports on Security Risk.
  • Develops training and materials to educate the research community about compliance policies and protocols.
  • Creates a compliance resource library for staff members to reference when they have questions.
  • Communicates risk assessment findings to the owners and custodians of information risk ("business partners"), information governance teams and information security teams.
  • Provides consultative advice to information governance or security teams that enables them to make informed risk management decisions.
  • Identifies and facilitates implementation of appropriate controls to effectively manage information risks as needed.
  • Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
  • Assists in responding to audits, penetration tests and vulnerability assessments.
  • Researches, designs, and implements cyber security solutions for organization systems and products that comply with all applicable security policies and standards.
  • Works with IT and internal and external business partners to ensure that security is factored into the evaluation, selection, installation and configuration of hardware and software.
  • Assists in the review and update of cyber security policies, architectures and standards.
  • Participates in the planning and design of enterprise security architecture where appropriate.
  • Recommends additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
  • Creates and owns business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies.
  • Other duties as assigned by management.

Qualified candidates, please apply with a resume.