Senior I/S Security Risk Analyst

Overview

On Site
Hybrid
BASED ON EXPERIENCE
Contract - W2

Skills

SECURITY RISK ANALYST
COMPLIANCE RISK
RISK ASSESSMENT
IT SECURITY
IS SECURITY

Job Details

DPP is seeking a Sr. I/S Security Risk Analyst for an opportunity in Columbia, SC. Candidates must be eligible to earn a low-level US security clearance (public trust).

Work arrangement:
  • Partial onsite: Onsite Tuesday, Wednesday, Thursday and as needed for important meetings, etc. Highly recommended that the successful candidate is onsite during training as much as possible.
  • W2 position; 12 months
  • Must be eligible to earn a low-level US security clearance, which requires a thorough background search and ship.
Position summary:
  • Management of risk management activities: Process, monitor, and report on security/compliance risk items.
  • Perform Corporate Risk Assessment and communicate results to Senior Management.
  • Conduct research and assessments on security-related topics (Policy, Third-Party, Security Processes).
  • Develop and communicate security policies and security standards.
  • Provide consultation and guidance to the different Business Units for security and compliance activities.
  • Facilitate meetings and conduct presentations with various levels of management.
Required technologies:
  • Microsoft (M365): Outlook, Teams, Excel, Word, Lists, PowerPoint, SharePoint (intermediate)
Nice to have:
  • Microsoft Visio, Planner, Forms, Power BI, Power Automate
  • RSA Archer
  • ServiceNow (intermediate)
Preferred certification:
  • ISC2 Certified Information Systems Security Professional (CISSP)
Minimum required work experience:
  • 8 years of IT experience including 6 years of IT security, risk assessment and/or compliance experience.
  • Successful completion of the client's I/S Entry Level Training Program (ELTP) may be substituted for 2 years of IT experience.
Job/class description:
  • Develop strategies and approaches for business development proposals within a compliance and systems security context. Plan and perform compliance and systems security activities in alignment with contractual role. Communicate and escalate compliance and risk issues to the appropriate customer representative and/or level of management. Act as a change agent to influence I/S and corporate compliance culture in alignment with business constituency. Develop strong systems security customer business relationships. Provide expert-level consultation regarding contractual system security obligations, frameworks, and control requirements.
  • Oversee remediation of new and outstanding issues, including Information Security Risk Exception process, across multiple business areas and security frameworks. Utilize tools to track and report on compliance posture.
  • Conduct or lead others in the procedural and operational review of internal IS security compliance standards. Oversee formal risk analysis and self-assessments to determine effectiveness of controls and ensure creation of action plans to remediate identified risks. Identify and champion efficiency improvements related to security, risk and compliance processes. Engage appropriate Client Management areas to facilitate process improvements through formal IS Methodology.
  • Lead the development, implementation and documentation of Information Security policies, procedures, processes and programs to guide IS toward continuous compliance. May conduct or lead others in the analysis and interpretation of security regulations and controls. Proactively provide strategic consulting to IS functional teams with the development, implementation, monitoring, and reporting of control processes, documentation and compliance routines for moderate to highly complex work efforts.
  • Serve as an interface with external entities for governance and compliance reviews regarding information security risk.
  • Conduct or lead others in the investigation, documentation and resolution of Information Security Incidents. Advise senior management of critical issues that may affect the organization.
  • Research emerging security topics, threats and capabilities to create/update policy and governance. Engage appropriate leaders to evaluate and mitigate potential exposure. Promote organizational security awareness by developing security training, Security Council bulletins, security policies, standards and best practices, as well as delivering training to personnel.
Required knowledge, skills, and abilities:
  • Complete understanding of systems security business life cycle methodologies.
  • Subject Matter Expert in both government and private risk frameworks and control implementations.
  • Comprehensive understanding of business system security risk management, information system security and compliance practices.
  • Demonstrate excellent analytical, problem-solving, decision-making, interpersonal and ownership skills.
  • Proven ability to interpret and apply knowledge of regulatory/accreditation requirements.
  • Ability to lead others in solving problems often spanning multiple environments and business areas.
  • Ability to effect change and bring security, risk and compliance knowledge to the organization through the use of positive influence.
  • Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets and communication protocols.
  • Excellent communication skills in presenting results to customers, senior management, and matrix staff both verbally and in writing.
  • Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content.
  • Possess excellent collaboration skills with a wide variety of internal matrix and management staff.
Required education/equivalencies:
  • Bachelor's degree in Computer Science, Information Technology, or other job-related degree;
  • OR, Associate's degree in CS, IT, or other job-related degree plus 2 years of work-related experience;
  • OR, 4 years job-related work experience (total 12 years without a degree)
About the team:
  • The Strategic Security & Compliance Team is a small team working with multiple Lines of Business (LOB) and teams across the company.
  • Currently oversees multiple strategies: Enterprise Risk Management, Third Party Risk Management, Access Management, Application Security, and others.
  • Supports over 20 LOBs under the organization's umbrella.
  • Manages Corporate Security Framework (Security Policies).
  • Conducts risk assessments periodically and presents results to senior management.
  • Conducts research and analysis on security/compliance related topics.
  • Part of the I/S Governance committee. Chairs the Policy and I/S Standards Committee.
  • Engaged in the yearly budget for Security and Compliance activities.
Interested? Learn more:
Click the apply button or contact our recruiter Kenny at to learn more about this position (#25-00423).

This role requires the ability to obtain a low-level US security clearance, which requires a thorough background search and ship. Residency requirements may apply. EOE/AA/V/D

DPP offers a range of compensation and benefits packages to our employees and their eligible dependents. Call today to learn more about working with DPP.



About DP Professionals Inc