IT Risk Analyst
Our direct client, a fast-growing manufacturer of engineering instrumentation products and test equipment for commercial and military applications, is seeking an IT Risk Analyst. In this role you will identify data at risk and cyber risk, and maintain security adequacy within a security strategy. Additional duties will include maintaining and operating security applications for reporting, interfacing with third-party security vendors and helping to drive internal risk assessments within the organization.
• Sustaining knowledge of current advances in areas of information technology concerning vulnerabilities, security breaches or malicious acts.
• Continually evaluating system vulnerabilities and protection against a dynamic threatscape.
• Assist in development of risk assessment and gap analysis, identifying and prioritizing impact and reporting to senior management.
• Assist in identifying data breaches and tracking sources for discovery, and be a critical part of the incident response plan (IRP).
• Create mitigation and reduction proposals for the IT security group.
• Execute patch management for all enterprise systems and necessary business applications.
• Responsible for maintaining audit and visibility into security events.
• Recommend improvement in all elements of IT security: network security, identity management and logging.
The candidate requires a four-year degree or higher within cyber security or computer science. The candidate is expected to have at least 2-5 years of relevant IT experience, including exposure to business planning, systems analysis and application development with emphasis on security-relevant methodologies.
Additional certifications are a plus: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC).
• Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies
• ISO 27001/27002, ITIL, PCI-DSS, NIST and COBIT framework analysis and application
• Windows operating systems security and system hardening
• Security concepts related to vulnerability assessment and monitoring of cloud technologies
• Practices and methods of IT strategy, enterprise architecture and security architecture
• Knowledge of third-party auditing and cloud risk assessment methodologies
• Experience with data protection and data loss prevention