IT Risk Analyst 1yr Contract to Hire
IRJ last edited by
Located in the Orlando, Florida area...
Contract IS Risk Assessment Analyst – Job Description
The IT Governance, Risk Management & Compliance Analyst is responsible for working with the GRC Leadership team, Information Technology, Business Units, other relevant departments to analyze and implement IT Security & Risk Management frameworks, policies, standards and best practices. Assists in translating industry, government and contractual compliance requirements (PCI-DSS, HIPAA, NIST, etc.) into IT Security & Risk Management frameworks, policies, standards & best practices. Coordinates remediation of non-compliant areas of IT. Supports and coordinates internal and external audits for the areas of IT Security, Risk Management & Compliance. Assists in development and implementation of IT security awareness programs for both technical and non-technical audiences.
• Supports the work of the IT Security Governance, Risk Management & Compliance (GRC) department who are responsible for analyzing and implementing IT Security & Risk Management frameworks policies, standards and best practices.
• Executes regular or scheduled tasks as assigned, summarizing and reporting findings, ensuring that audit issues and associated root causes are understood, well defined and presented to GRC leadership.
• Assist in the development of formal written reports to communicate audit results to management and makes recommendations as appropriate.
• Works with GRC Leadership, Information Technology and Business Units to document and implement IT Security & Risk Management frameworks, policies, standards and best practices.
• Supports and coordinates internal and external audits for the areas of IT Security and Risk Management.
• Coordinates remediation for non-compliant areas of IT.
• Maintain a high level of technical expertise on selected vendor products to assist team leadership in identifying the ones that best meet the organization needs.
• Maintains up to date knowledge of security laws, principles and best practices.
• Stay current with emerging threats and trends.
• Assist teams in various security and privacy risk mitigation efforts.
• Monitor and process Service ticket queues.
• Assists with vulnerability management.
• Conduct risk assessments and audits on the organization's information technology infrastructure.
• Identify Cyber Security threats/Vulnerabilities and escalate to senior team members.
• Work with a team of Cyber Security Engineers across multiple software programs.
• Ability to work individually and on team projects in an environment of teamwork and cooperation.
• Performs general project planning tasks such as project risk assessments, alternative implementation analysis, and project status tracking and reporting.
Associate’s degree in Computer Science (or equivalent). Two (2) years of directly related work experience may substitute for the Associate’s degree (in addition to the requirements listed in the Experience section)
Required: At least one Security Governance, Risk and Compliance related certification (Security+/CISSP/GIAC/CRISC/ CGEIT/ PMI-RMP/ CRMA/ GRCP etc…)
Three (3) years’ experience in information technology including one year of IS Security Risk Assessment related experience.