Information Security Risk Analyst Job Description

An information security risk analyst provides recommendations for advancing cyber defense center practices, security policies, and security control standards to enhance operational practices.

Information Security Risk Analyst Duties & Responsibilities

To write an effective information security risk analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included information security risk analyst job description templates that you can modify and use.

Sample responsibilities for this position include:

Provide Information Security consulting and subject matter expertise on third party service contracts and/or Sourcing arrangements
Providing advice for obtaining compliance with information security related rules
Quality assurance review of Information Security Self Assessments
Maintenance of information security related documents (including concept, development, obtaining stakeholder buy-in)
Experience with information security management (if possible proven with certificates like CISA, CISM or CISSP)
Experience with risk management methodologies (e.g., in Operational or Information Security Risk Management)
Knowledge and experience in information security standards
Adhering to and complying with all applicable, federal and state laws, regulations and guidance, including those related to Anti-Money Laundering
Plan and perform audits of corporate and business unit teams for adherence to corporate security policies and standards
Conduct on-site security assessments to measure the effectiveness of the third party's current control environment

Information Security Risk Analyst Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Information Security Risk Analyst

List any licenses or certifications required by the position: CISSP, CISA, CISM, CRISC, II, IAT, ISO27001, SANS, IAM, IA

Education for Information Security Risk Analyst

Typically a job would require a certain level of education.

Employers hiring for the information security risk analyst job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and University Degree in Computer Science, Information Security, Education, Business, Information Systems, Information Technology, Management, Technology, Management Information Systems, Business/Administration.

Skills for Information Security Risk Analyst

Desired skills for information security risk analyst include:

Application security
Network security
HIPAA
Database security
Information security
Regulations
Routers
Best practices
Data security practices and procedures
Policies

Desired experience for information security risk analyst includes:

Strong knowledge in various mainframe or distributed processing platforms (i.e., Active Directory, AS400, OS/390, PCs, UNIX, internal applications, databases)
Ability to provide secure solutions to technically challenging problems towards describing available offered solutions to LOBs and technology resources
Technology risk or security certification preferred, CISSP, CISM, CISA, CRISC or equivalent
Bachelor's Degree in Accounting, Finance, Business Administration, or related discipline degree from an accredited college or university OR equivalent experience
Bachelor's Degree in Management Information Systems, Accounting Information Systems, Computer Science or related discipline degree from an accredited college or university OR equivalent experience
Conduct ongoing security assessments to validate appropriate controls are in place

Information Security Risk Analyst Examples

1

Information Security Risk Analyst Job Description

Job Description Example
Our company is growing rapidly and is looking for an information security risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information security risk analyst
  • Perform analysis and consulting in information security and risk management to business units, information technology organizations, support and operational functions
  • Help support the risk management and information security aspects of business initiatives and Information Technology projects to assist in mitigating security risks for information, business and operational applications and systems across the company
  • Assist with the development of security management policies, standards and practices
  • Identifying changes to the Information Security Program based on changes to the threat landscape and in solutions and controls to safeguard against risk
  • Possesses a holistic view of an Information Security Program and the role of key components to ensure protection of information
  • Knowledge of pertinent regulations to understand drivers for controls and adherence to program
  • Help support management of security policy, standards and best practices development and maintenance
  • Risk Assessments – Supports the development and maintenance of the Bank’s Information Security (GLBA) Risk Assessment in compliance with Regulation H
  • Ensure system compliance to security policies, standards, and practices
  • Following up with Business and Technology application owners in resolving issues or discrepancies, both from the Risk Assessment process and from other identified risk-related issues
Qualifications for information security risk analyst
  • 2-6 years’ experience in technology risk management with strong understanding of Vendor Risk Management in a financial services company
  • 5 years of information risk management experience or direct participation in information risk management processes
  • 2-5 years of experience in application or infrastructure security
  • Explain complex technical concepts in non-technical terms
  • Keen understanding of Identity and Access Management issues and the ability to evaluate applications and explain issues
  • Providing reporting on the risk and compliance status to Senior Management
2

Information Security Risk Analyst Job Description

Job Description Example
Our company is hiring for an information security risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information security risk analyst
  • Participate in application security design initiatives to provide a security administration and security coordinator perspective to the process
  • Provide consultation to the business on security policies and issues
  • Enforce IT security policies, guidelines, standards and procedures
  • Support of peer business users to meet required attestation regulations
  • Provide guidance on the risk assessment process and platform
  • Ability to compile reporting for management – overdue assessments, remediation activity, pipeline status
  • Co-ordinating UAT of the risk assessment platform during platform releases
  • Providing supervisory guidance to external risk analysts
  • Stakeholder engagement with C-BISOs, BISOs, ITAOs
  • A university degree in Economics/Computer Science/business IT or comparable field of studies
Qualifications for information security risk analyst
  • Knowledge of Identity and Access Management products and processes
  • The ability to grasp complex issues quickly
  • Understanding of organisational dynamics
  • A pragmatic and professional nature
  • Able to work proactively in a fast-paced environment
  • Good supervisory skills, and able to work in virtual global teams in a matrix organization
3

Information Security Risk Analyst Job Description

Job Description Example
Our company is growing rapidly and is looking to fill the role of information security risk analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information security risk analyst
  • Assess and analyze the level of compliance with all state and local government information security regulatory requirements, and provide updates and status reports relevant to any incidents, ongoing activities, and issues
  • Monitor and assess compliance with, and the effectiveness of, approved policies, processes, procedures, and practices around system user access and permissions, and provide updates and status reports relevant to any incidents, ongoing activities, and issues
  • Support the development and delivery of information security education and ongoing awareness initiatives
  • Develops and reviews security policies, procedures, and standards
  • Perform gap analysis and security risk assessments to determine if business systems are aligned with regulatory requirements, industry standards, and internal information security policy, procedures, and standards
  • A dynamic nature with the ability to adjust to varying environments and cultures
  • Able to manage multi-task assignments and efficiently prioritize workload with limited supervision and be resilient under pressure
  • Able to build a network in the business and among subject matter experts
  • Previous experience in a risk and control role would be an advantage
  • Perform application risk assessments within our Security Risk Management program
Qualifications for information security risk analyst
  • At Least 1 of experience in Python or other related language
  • At Least 1 year of experience in a consulting and professional services firm
  • At Least 1 year of experience in Hadoop, R, or SAS
  • Formal Information Security education or certification, such as CISSP, SANS/GIAC, Information Assurance
  • Relevant work experience in information systems and information security as typically acquired in seven years
  • Extensive experience with security tools in the healthcare industry
4

Information Security Risk Analyst Job Description

Job Description Example
Our growing company is searching for experienced candidates for the position of information security risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information security risk analyst
  • Responsible for advancing the enterprise-wide information security risk function to create a union of business risk and information security risk
  • Analyze key business processes in order to produce comprehensive risk scenarios that will be implemented by working with and through business leaders and information security risk architecture
  • Experience translating information security risk into business terms
  • Perform high quality analysis of information security risk data to identify causes of trends and work with information owners to document control plans
  • Lead and maintain continuous improvement activities around information security risk monitoring by leveraging data and expert analysis
  • Provide support to internal clients and associated vendors, IT management and staff in vendor risk assessments and the implementation and operational aspects of appropriate information security procedures and products
  • Act as a liaison to the business and IT groups and assists them in the implementation of vendor risk management related to data privacy, compliance requirements, and information security technologies and applications security
  • Partner with Sales and R&D to enhance and manage the Information Security responsibilities within the Customer Relationship Management
  • Understanding of contractual elements with third parties to intelligently speak on the security requirements of a contract from an information security point of view
  • Act as a corporate advocate for information security practices
Qualifications for information security risk analyst
  • Excellent written and verbal communication skills, with the ability to build effective working relationships with all levels of internal and external constituencies
  • Strong organizational, analytical, diagnostic capabilities and problem solving skills
  • Demonstrated ability to prioritize work while multi-tasking on assigned work
  • Proven ability to effectively leverage vast detailed knowledge and familiarity with security disciplines
  • Demonstrated ability to identify key concepts, factors, and risks based on conversations and document them in clear and concise narrative or graphic reports
  • Proven ability to train others on various system security threat mitigations
5

Information Security Risk Analyst Job Description

Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of information security risk analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information security risk analyst
  • Ensure that the Information Security risk management program is followed in regards to maintaining the risk registry, monitoring of the risk gaps within the registry, meeting the risk owners, reporting on the risks & escalation to senior management
  • Manage and improve the Information Security Risk Tracking processes
  • Execute program based on NIST/ISO framework, SANS and industry best practices
  • Leverage GRC tools to develop and implement information security risk identification, governance and treatment methodology
  • Able to develop appropriate information security risk methodologies, but willing to roll up sleeves and drive execution and implementation
  • Experience conceptualizing information security risk into business terms
  • Work with process risk assessment team members to develop an understanding of the business and/or technology process, information security controls and risk management methodology
  • HIPAA Compliance Assessments
  • Develops and implements policies and procedures to adequately address and control the risk management of the company's assets
  • Ensures the company is utilizing modern information security measures
Qualifications for information security risk analyst
  • 1-3 years of experience working with vendors and third party service providers required
  • Knowledge of security control practices, procedures and principles
  • Familiarity with risk assessment and risk management concepts or processes
  • Working knowledge of various regulatory security requirements - particularly Sarbanes-Oxley (SOX), HIPAA, and HITECH
  • Ability to prioritize multiple tasks and be detail-oriented
  • Travel connected with projects for field locations will be necessary, <>
