Senior Information Security and Risk Management Analyst
Parsippany, NJ | Direct Hire
- Job Title: Senior Security and Risk Analyst
- Location: Morris County, New Jersey
- Status: Direct Hire – Full-Time
- Remote: No
Our client in the Morris County area is currently seeking a sharp and experienced Senior Information Security and Risk Management Analyst to join their team in a full-time capacity. This position will be working with business units to identify security requirements, collaborating on critical projects to ensure that security issues are addressed throughout the project life cycle, working with IT and other Business Units to identify, select and implement appropriate security and risk management controls and maintain current baselines for the secure configuration and operations of systems.
Qualified candidates should have experience working independently and carry 5-7 years of experience in Risk Management and Governance. A minimum of one security certification is required for this role along with a Bachelor’s Degree in a related field.
Additional responsibilities include participation in the creation and/or maintenance of policies, standards, baselines, guidelines and procedures, as well as conducting risk assessments.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Works with business units to identify information security requirements, using methods that may include risk and business impact assessments.
- Conduct application risk assessments and vendor risk assessments.
- Develop and update policies and procedures for the general operation of the Information Security and Risk Management program.
- Create and maintain Information Security policy exceptions process.
- Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
- Play an advisory role in application development or other related projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
- Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
- Manage Information Security Awareness Program
- Maintain up-to-date detailed knowledge of the Information security and Risk Management industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Continuous review and improvement of current processes to maintain a secure and compliant environment
- Participate in the review and update of enterprise security and risk management program
- Participate in the creation of enterprise information security and risk management documents (policies, standards, baselines, guidelines and procedures)
- Maintenance of Security and Risk Management Framework based on HITRUST Standard
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The core competencies listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Formal Education & Certification
- Bachelor's degree in Information Technology. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree.
- 5-7 years of experience in information security and risk management.
- Experience conducting risk assessments, maintaining Security Frameworks based on HITRUST aspects of multiple computer platforms, operating systems, products, network protocols and system architecture.
- At least one or more of the following certifications:
Knowledge & Experience
- Strong knowledge of information security and risk management.
- Strong knowledge of current and evolving cyber threat landscape
- Significant theoretical and practical knowledge in the following areas:
Unix, Linux, Windows, etc. operating systems, well-known networking protocols and services (FTP, HTTP, SSH, SMB, LDAP, etc.), exploits, vulnerabilities, network attacks
- Proficiency, and experience, using information security tools and related methodologies.
- Experience investigating security incidents.
- Knowledge of specialized telecommunication techniques such as Virtual Private Networks, encryption methodology and their associated technologies.
- Knowledge of industry standards including SSAE 16, ISO 27001, etc.
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues and products as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment
If you feel like you are the right fit for the job above, please click the apply online button below and I will be sure to reach out ASAP!