Cyber Security Risk Analyst - Parsippany, New Jersey | STAND 8

Cyber Security Risk Analyst
Date Posted:  12/8/2021
Job ID:  Job #4542
Employment Type: Salary
Location: Parsippany, New Jersey

We are hiring for a Cyber Security Risk Analyst for a security services company. If you are ready to create an impact in a collaborative and fast-paced environment, this could be a great opportunity for you!

STAND 8 provides end-to-end IT solutions to enterprise partners across the United States, with offices in New Jersey, LA, Atlanta, New York, Mexico and more.


The Cyber Security Risk Analyst will report to the Director of Cyber Security and Compliance. As a member of the IT Cyber Security team, the position will actively contribute to the maturation of the company's information security strategy and programs based on key processes, practices, and standards necessary to manage the risks and security controls for the lines of business. The position is responsible for driving the development, implementation, and maturation of a risk management lifecycle for the company’s critical activity partners and suppliers. This will involve establishing a formal Vendor Risk Management (VRM) program that ensures the company’s third-party vendors are following privacy and security obligations and applicable laws, as well as the contractual obligations delineated in the legal agreements between our company and its suppliers.

RESPONSIBILITIES

  • Establish a standard Vendor Risk Management (VRM) framework and practice for the company’s critical suppliers and partners
  • Perform evidence-based security risk evaluations of key vendors to determine the maturity and risk level of controls
  • Assess and document available information about the effectiveness of supplier operations and controls
  • Follow policies to govern vendor relationships and activities to ensure compliance with applicable regulations and contractual obligations
  • Consider the entire scope of vendor risks, including cyber security, strategic, financial, operational, reputation, transactional and compliance risk factors, in supplier assessments
  • Put procedures in place to ensure that risk-based oversight of suppliers is available and maintained
  • Perform security risk assessments on sensitive types of data processing introduced in the global data platform
  • Coordinate the resolution of data confidentiality, integrity, or availability risks by working with business owners and IT
  • Collaborate with the Data Privacy Office to ensure privacy-compliant data processing
  • Provide thought leadership in projects to improve the maturity and capabilities of data governance practices

ADDITIONAL RESPONSIBILITIES

  • Conduct internal auditing to measure effectiveness of security controls for the technology infrastructure and systems
  • Perform detailed assessments and internal audits of control environments to ensure compliance with corporate security policies and standards
  • Prepare audit finding memoranda and working papers to ensure adequate documentation exists to support completed audits and conclusions
  • Create artifacts, including documented policies, procedures, diagrams, and other materials required for remediation and compliance evidence to comply with internal and external auditing requirements
  • Develop and drive the completion of internal audit remediation plans to achieve baseline compliance and remediation for identified deficiencies and control gaps
  • Follow up on audit findings to ensure management and control owners take corrective actions
  • Review and prepare IT compliance responses for audits, security questionnaires, contracts, service agreements, RFPs, and SOWs for the company’s lines of business
  • Perform periodic internal reviews of the company’s cyber security policies and procedures

EDUCATION AND EXPERIENCE

  • Bachelor's degree in IT, business, or related field, or equivalent combination of education and experience
  • 4+ years of experience in audit, risk, compliance, and data governance or similar functions
  • Experience using GRC tools to automate VRM practices and activities
  • Experience in data classification, treatment, and security frameworks

SPECIALIZED KNOWLEDGE SKILLS AND ABILITIES

  • Excellent presentation, written and verbal communication skills
  • Strong analytical and problem-solving skills
  • Ability to work effectively with people at various levels in the organization
  • Self-motivated and able to handle tasks with minimal supervision
  • Understanding of privacy laws and regulations
  • Proficiency with Microsoft Word, Excel, Access, Project, and Outlook
  • Strong PowerPoint presentation skills
  • Working knowledge of information security concepts and controls