Overview
Skills
Job Details
Must be based in EST zone!
100% remote - Full time role
Advanced technical policy creation: collaborated with key stakeholders to design a comprehensive policy portfolio derived from the assessment of internal controls.
Re-engineered the information services risk & compliance program framework (i.e., how information is received, categorized, protected, stored, accessed, monitored, reported, etc.) based on ISO 27001 best practices.
IS Audit advisory to the standardization of a formal Risk & Compliance Self-Assessment (RCSA) platform.
Implemented controls and cost-effective approaches to minimize risk reviewed and analyzed trends.
Mitigated project risks guided by gap assessments for critical financial applications and support systems
- Provided management guidance to IT managers aimed at the implementation of an enterprise-wide IT asset inventory program by standardizing network server access practices and accountabilities that resulted in a 60% reduction in external perimeter connectivity and Sox 404 compliance
- Established and standardized a Policy, Risk & Compliance initiative and resultant of an online catalogue consisting of 70+ InfoSec process documents (mapping to NIST, Sox 404, and PCI requirements.)
Must Have Skills: | Passion for Information Security and Risk Management. 3+ years of experience in Information Security and/or Risk and Compliance. Experience in identifying risk, and then designing and implementing security capabilities to address those risks. Experience in designing controls (capabilities) and measures to determine if controls are operating effectively. Experience with security frameworks such as the NIST Cybersecurity Framework. Strong written and verbal communication skills including the ability to translate technical topics to non-technical audiences. Ability to prioritize and manage various project and operational deliverables. Willing to be flexible to support the team as needed |
What will the Sr Risk Management Analyst do?
Client is hiring for a Senior Risk Management Analyst to help design, build, operationalize, and mature capabilities within the information security program. In this role, you will pair with our Chief Information Security Officer and other members of the Coterie team to assess current state, recommend security capabilities based on the NIST Cybersecurity Framework, work with teams throughout to implement those capabilities, map capabilities to controls, and then track those controls to ensure they are operating effectively, automating that collection whenever possible. In this role you will also be key in designing and building a robust and risk based Third Party Security program. If you are passionate about information security and having the ability to influence and build a risk-based information security program, this is the right role for you!
- Passionate about Risk-Based Cybersecurity programs and enabling the business to operate in a secure and compliant manner.
- Execute risk assessments including scoping, threat and risk scenario identification, and all aspects of the risk assessment process. Identify areas of opportunity to reduce residual risk to a level consistent with risk appetite and collaborate with CISO and other security team members to build out the security capability road map.
- Consult on projects and make security control recommendations and assist teams in control design, implementation and tracking.
- Support Service Organization Control (SOC 2, SOC 1) program through evidence gathering, testing, and coordination with auditors and stakeholders
- Strong desire to drive efficiencies, make risk-based decisions, implement automation, and recommend and track meaningful KPIs and KRIs.
- Development and administration of Coterie s Information Security Program documents including policies, standards and controls library.
- Work collaboratively and help build a strong cybersecurity team.