Principal Cybersecurity Risk Analyst

Principal Cybersecurity Risk Analyst

12 Months contract - Later hire

Location : @ Newark , NJ Hybrid model

Job Description:

Job Overview

• The  Principal Cybersecurity Risk Analyst (PCSA) will lead project and technology-based risk assessments within the environment, lead technical and nontechnical third-party risk assessments, and recommend mitigating action or controls.
• The PCSA will further identify and convey information security, physical security, business continuity, and IT operational requirements to project teams, and the Sourcing department in support of new contracts and ongoing engagements.
• The primary responsibility of the PCSA is to oversee and monitor mitigation strategies for information security risks.

Major Responsibilities

• Lead third party vendor risk, project risk, or technology risk assessments. Oversee the assessment of the adequacy of a vendor's security program to safeguard CLIENT’S data.
• Communicate with business and IT regarding security risks and deficiencies.
• Lead ongoing security assessments to validate appropriate controls are in place. 
• Review Vendor reports to acknowledge findings from the security assessments and document remediation action plans. 
• Ensure proper evidence is gathered to facilitate timely closure of remediation plans.
• Provide Information Security consulting and subject matter expertise on third party service contracts and/or Sourcing arrangements and internally to junior analysts.
• Lead the development and improvement of security processes, assist in metrics development, both within the technology and business organizations. Continuously review and improve the TPRM program, with the intention of improving the efficiency of the workflow as well as the quality of metrics development and reporting.
• Lead cross-functional teams to  serve as the facilitator between the Information Cyber Security Office and the broader organization.
• Act as a security advisor and ensure an ongoing awareness of identified risks.
• Collaborate with internal ICSO teams to utilize expertise to identify evolving security threats and provide in-depth understanding of "if, how, and when" they should be addressed.
• Conduct technical research to aid in threat assessment.
• Lead the evaluation and assessment of supplier criticality and review changes in scale and scope of services contracted with supplier for material impact.
• Actively promote commitment to CLIENT’s Information Security, Enterprise Risk Management and Audit initiatives, as well as its culture of compliance.

Internal Relationships:

• Legal Affairs, IT Governance, or IT Security Operations
• Internal Customers/Users
• Internal clients and constituents
• External Relationships:
• 3rd Party Suppliers/Vendors
• 4th Party Suppliers/Vendors
• External Customers
• The information above is intended to describe the general nature of the work being performed by each incumbent assigned to this position.  This job description is not designed to be an exhaustive list of all responsibilities, duties, and skills required of each incumbent.

Qualifications:

Education/Experience

• HSD or GED required, Bachelor Degree preferred (or equivalent work experience)
• Third party, technology, and project risk assessment experience
• Experience with Governance, Risk, and Compliance tools
• 5-year experience in Risk Management  with advanced understanding of Third-Party Risk
• Management.
• 7 years of experience in an Information Technology Audit/Information Security

Proficient working knowledge within the following risk domains/technologies:

• Change Management
• IDS/IPS technologies
• Firewall technologies
• Network Architecture
• Vulnerability Management
• System/Access Administration
• Key Management/Tokenization
• Database and application security
• Secure Software/Code Development
• Physical and Environmental Security
• Security Event Logging & Monitoring
• Database/Application/Network Layer Secure Protocols
• Cloud Security
• Identity & Access Management
• Business Continuity and Disaster Recovery Management
• Automation/Artificial Intelligence

Additional Licensing, Certifications, Registrations

• CISSP, CISA, CRISC or equivalent.

Knowledge:

• Requires a solid understanding of IT security concepts with an emphasis on Security and Risk Assessment.
• Requires solid knowledge of IT and computer systems.
• Requires familiarity with HIPAA security rules and National Institute of Standards and Technology (NIST) standards
• Requires familiarity with Vendor Risk Management.
• Suggested familiarity with ServiceNow tool.

Skills:

• Requires strong analytical thinking skills.
• Requires excellent verbal and written communication skills.
• Requires excellent interpersonal skills and the ability to work effectively with others as a team.
• Requires excellent PC skills and demonstrated proficiency with MS Office Suite.
• Requires the ability to handle multiple tasks and prioritize effectively.
• Ability to train/mentor incoming team members.