Job summary:
The Senior Information Security Risk Analyst provides subject matter expertise and leadership to improve the organization's security policies and security risk management processes by establishing a framework of controls so that the organization can manage risk, meet regulatory compliance and maintain governance over all aspects of IT.
location: Reston, Virginia
education: Bachelors
responsibilities:
Lead all audit prep and response across InfoSec and IT. Coordinate response to Internal Audit document requests, stage content and conduct reviews for completeness.
Support the Controls, Policy, Standards and Procedures maturity program at AUB for InfoSec and IT to meet mandatory FFIEC and SOX requirements, and support the buildout of a threat/risk-based controls program.
Perform security risk analysis with the goal of identifying risk and elevating the company's security posture.
Serve as a subject matter expert and trusted advisor, establishing relationships that support risk-based decision making across business, IT and the broader stakeholder community.
qualifications:
Between 6 and 10 years' experience in one or more information security roles, including security risk analysis and control design, compliance and risk management, security control process assurance or audit of technology controls.
Bachelor's degree in Information Security, Computer Science, Management of Information Systems, or a related field required. Master's degree in a related field is an advantage.
Professional security risk management certification is required, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
skills: Proven experience configuring, managing, and optimizing RSA Archer solutions, with a strong understanding of GRC frameworks and integration of risk data across multiple business units.
Proficient in GRC platforms including RSA Archer, ServiceNow, and other risk management tools. Experienced in automating workflows, building dashboards, and supporting enterprise risk and compliance programs.
Demonstrated deep background (4+ years preferred) in risk treatment, controls selection and information security controls process design.