Information Security Risk Analyst Senior

Posted:
7/12/2024, 12:41:30 PM

Location(s):
Texas, United States ⋅ Houston, Texas, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Our associates celebrate lives. We celebrate our associates.

Consider the possibilities of joining a Great Place to Work!

Responsible for scoping, independently analyzing, and reporting operational activities on Cyber Risk Management & Governance Compliance Program. Track and identify risks and process gaps. Advanced Data analytic, programming, and technical reporting skills demonstrated on all projects. Advanced skills with a GRC platform leveraged to collaborate with key stakeholders and management to ensure risk is tracked and remediated. Superior organization and project management reporting for budgeting and actual effort to senior management and identifying efficiencies for the Information Security Department.

JOB RESPONSIBILITIES

Governance Risk & Compliance

  • Executes application security assessments on both internal and external applications and works with IT architecture to ensure security is included in the design of deployment and usage.
  • Independently executes third party risk assessments on vendors and reports findings to IT management. Reports and coordinates approval of vendors based on findings with Legal counsel and SCI management for key vendors.
  • Assesses and reports on key risks identified in compliance activities and key findings, and works with teams to remediate key findings or find alternative mitigating controls.
  • Reviews required SOX & Privacy controls to ensure they are performed as required. Identifies opportunities to automate analysis of manual controls where relevant, and proposes better controls that meet the same control objectives by leveraging security technology tools.
  • Updates and drafts policies and procedures as necessary for approval by management.
  • Communicates and coordinates data requests with required external and internal auditors for SEC, SOX, and risk management assessments.

Security Reviews

  • Ensures that unmitigated risks, compliance gaps, and vulnerabilities are prioritized based on the risk to SCI information systems and data.
  • Executes follow-up on vulnerability testing, cybersecurity incidents, periodic compliance and program assessments, and/or pen-testing to ensure identified risks are mitigated.
  • Prepares metrics and provides scorecard reports for risk management activities periodically.

Security Awareness Training

  • Develops security communication to SCI associates and security awareness training material.
  • Executes coordinated training campaigns with HR and training LMS system.

Expectations

  • Project manages short-term initiatives with department scope. Develops timelines, Gantt charts, activity logs, and schedules; facilitates recurring team meetings; writes business requirements; may write software test scripts and guide testers; and drafts communications and job aids.
  • Self-manages workload, negotiating deadlines to meet expectations. Takes the initiative to discuss assignments, expectations, priorities, and deadlines, and seeks guidance and coaching from the manager. Adjusts quickly to new work structures, processes, requirements, or cultures. Able to manage and report on multiple work streams concurrently and complete assignments within time constraints, using project management software to communicate activity status.
  • Completes complex and unique assignments independently. Applies experience and knowledge of the industry, company, policies, and regulations to resolve issues or recommend solutions. Discusses escalated issue recommendations with the manager. Ensures compliance with local, state, and federal regulations.
  • Recommends efficiencies to the team and manager. Documents work as part of deliverables, resulting in high quality materials for internal and external usage. Writes standard operating procedures (SOPs) and develops job aids. May train colleagues on department procedures and standards.
  • This is not intended to be an all-inclusive list of the essential functions or duties related to this job.

Minimum Requirements

Education

  • Bachelor’s degree in IT or a related field

Experience

  • At least seven (7) years’ experience in Information Security Risk Management (related fields such as IT security, legal, audit, compliance, or privacy will be considered) with increasing responsibility
  • At least three (3) years’ experience working with outsourced providers in the delivery of IT Security services and reviewing SOC reports
  • At least four (4) years’ audit/assessment experience in SOX, PCI, or other mandatory compliance
  • Experience leveraging programming (Python, Microsoft Power BI, SQL, PowerShell, Splunk) to automate manual activities, especially data extracts and controls testing.

Knowledge, Skills and Abilities

  • Demonstrated ability to envision and integrate various security technologies and controls into Governance Risk and Compliance software that sufficiently reports and mitigates risk to the organization.
  • Advanced Governance Risk & Compliance (GRC) platform experience (Archer, RSAM, OneTrust, MetricStream, etc.)
  • Proven ability to author strategic security roadmaps and translate into execution plans to drive desired outcomes
  • Solid problem solving and analytical skills; able to quickly digest issue/problem encountered and recommend an appropriate solution
  • Cognitive ability, including the ability to reason, plan, solve problems, think abstractly, comprehend complex ideas, learn quickly, learn from experience, and appropriately apply learning to new situations.
  • Process and results oriented; motivated to keep projects moving ahead by removing obstacles and exploring alternatives.
  • Ability to create clear reports and data visualizations to assist in decision-making and problem analysis
  • Conversant in technical discipline acumen
  • Ability to manage change and ambiguity and work with management to propose adjustments as required.
  • Must have a positive attitude, a drive to continually advance your understanding of the industry and business, and be highly self-motivated
  • Ability to build professional and trusting business relations across the company
  • Ability to interact with and influence all levels of management
  • Professional written and verbal communication skills with the ability to communicate clearly and effectively with technical and business stakeholders
  • Proficient MS Office Suite skills

Work Conditions

Work Environment

  • Comply with Corporate dress code policy

Work Postures

  • Continuous periods of time sitting, frequently up to 6 hours
  • Climbs stairs to access buildings

Physical Demands

  • Physical effort requiring manual dexterity is required, including paperwork, calculators, computers, and phone usage

Work Hours

  • Working beyond “standard” hours as the need arises
  • No routine travel

Postal Code: 77019

Category (Portal Searching): Information Technology

Job Location: US-TX - Houston