Information Security Risk Analyst Job Description
Information Security Risk Analyst Duties & Responsibilities
To write an effective information security risk analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included information security risk analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Security Risk Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Security Risk Analyst
List any licenses or certifications required by the position: CISSP, CISA, CISM, CRISC, II, IAT, ISO27001, SANS, IAM, IA
Education for Information Security Risk Analyst
Typically a job would require a certain level of education.
Employers hiring for the information security risk analyst job most commonly would prefer for their future employee to have a relevant degree, such as a Bachelor's or University Degree in Computer Science, Information Security, Education, Business, Information Systems, Information Technology, Management, Technology, Management Information Systems, Business/Administration
Skills for Information Security Risk Analyst
Desired skills for information security risk analyst include:
Desired experience for information security risk analyst includes:
Information Security Risk Analyst Examples
Information Security Risk Analyst Job Description
- Perform analysis and consulting in information security and risk management to business units, information technology organizations, support and operational functions
- Help support the risk management and information security aspects of business initiatives and Information Technology projects to assist in mitigating security risks for information, business and operational applications and systems across the company
- Assist with the development of security management policies, standards and practices
- Identifying changes to the Information Security Program based on changes to the threat landscape and in solutions and controls to safeguard against risk
- Possesses a holistic view of an Information Security Program and the role of key components to ensure protection of information
- Knowledge of pertinent regulations to understand drivers for controls and adherence to program
- Help support management of security policy, standards and best practices development and maintenance
- Risk Assessments – Supports the development and maintenance of the Bank’s Information Security (GLBA) Risk Assessment in compliance with Regulation H
- Ensure system compliance to security policies, standards, and practices
- Following up with Business and Technology application owners to resolve issues or discrepancies arising from the Risk Assessment process as well as other identified risk-related issues
- 2-6 years’ experience in technology risk management with strong understanding of Vendor Risk Management in a financial services company
- 5 years of information risk management experience or direct participation in information risk management processes
- 2-5 years of experience in application or infrastructure security
- Explain complex technical concepts in non-technical terms
- Keen understanding of Identity and Access Management issues and the ability to evaluate applications and explain issues
- Providing reporting on the risk and compliance status to Senior Management
Information Security Risk Analyst Job Description
- Participate in application security design initiatives to provide a security administration and security coordinator perspective to the process
- Provide consultation to the business on security policies and issues
- Enforce IT security policies, guidelines, standards and procedures
- Support of peer business users to meet required attestation regulations
- Provide guidance on the risk assessment process and platform
- Ability to compile reporting for management – overdue assessments, remediation activity, pipeline status
- Co-ordinating UAT of the risk assessment platform during platform releases
- Providing supervisory guidance to external risk analysts
- Stakeholder engagement with C-BISOs, BISOs, ITAOs
- A university degree in Economics/Computer Science/business IT or comparable field of studies
- Knowledge of Identity and Access Management products and processes
- The ability to grasp complex issues quickly
- Understanding of organisational dynamics
- A pragmatic and professional nature
- Able to work proactively in a fast-paced environment
- Good supervisory skills, and able to work in virtual global teams in a matrix organization
Information Security Risk Analyst Job Description
- Assess and analyze the level of compliance with all state and local government information security regulatory requirements, and provide updates and status reports relevant to any incidents, ongoing activities, and issues
- Monitor and assess whether approved policies, processes, procedures, and practices around system user access and permissions are being followed and are effective, and provide updates and status reports relevant to any incidents, ongoing activities, and issues
- Support the development and delivery of information security education and ongoing awareness initiatives
- Develops and reviews security policies, procedures, and standards
- Perform gap analysis and security risk assessments to determine if business systems are aligned with regulatory requirements, industry standards, and internal information security policy, procedures, and standards
- A dynamic nature with the ability to adjust to varying environments and cultures
- Able to manage multiple assignments and efficiently prioritize workload with limited supervision, and be resilient under pressure
- Able to build a network in the business and among subject matter experts
- Previous experience in a risk and control role would be an advantage
- Perform application risk assessments within our Security Risk Management program
- At least 1 year of experience in Python or other related language
- At least 1 year of experience in a consulting and professional services firm
- At least 1 year of experience in Hadoop, R, or SAS
- Formal Information Security education or certification, such as CISSP, SANS/GIAC, Information Assurance
- Relevant work experience in information systems and information security as typically acquired in seven years
- Extensive experience with security tools in the healthcare industry
Information Security Risk Analyst Job Description
- Responsible for advancing the enterprise-wide information security risk function to create a union of business risk and information security risk
- Analyze key business processes in order to produce comprehensive risk scenarios that will be implemented by working with and through business leaders and information security risk architecture
- Experience translating information security risk into business terms
- Perform high quality analysis of information security risk data to identify causes of trends and work with information owners to document control plans
- Lead and maintain continuous improvement activities around information security risk monitoring by leveraging data and expert analysis
- Provide support to internal clients and associated vendors, IT management and staff in vendor risk assessments and the implementation and operational aspects of appropriate information security procedures and products
- Act as a liaison to the business and IT groups and assist them in the implementation of vendor risk management related to data privacy, compliance requirements, information security technologies, and application security
- Partner with Sales and R&D to enhance and manage the Information Security responsibilities within the Customer Relationship Management
- Understanding of contractual elements with third parties to intelligently speak on the security requirements of a contract from an information security point of view
- Act as a corporate advocate for information security practices
- Excellent written and verbal communication skills, with the ability to build effective working relationships with all levels of internal and external constituencies
- Strong organizational, analytical, diagnostic capabilities and problem solving skills
- Demonstrated ability to prioritize work while multi-tasking on assigned work
- Proven ability to effectively leverage vast detailed knowledge and familiarity with security disciplines
- Demonstrated ability to identify key concepts, factors, and risks based on conversations and document them in clear and concise narrative or graphic reports
- Proven ability to train others on various system security threat mitigations
Information Security Risk Analyst Job Description
- Ensure that the Information Security risk management program is followed with regard to maintaining the risk registry, monitoring the risk gaps within the registry, meeting the risk owners, reporting on the risks, and escalating to senior management
- Manage and improve the Information Security Risk Tracking processes
- Execute program based on NIST/ISO framework, SANS and industry best practices
- Leverage GRC tools to develop and implement information security risk identification, governance and treatment methodology
- Able to develop appropriate information security risk methodologies, but willing to roll up sleeves and drive execution and implementation
- Experience conceptualizing information security risk into business terms
- Work with process risk assessment team members to develop an understanding of the business and/or technology process, information security controls, and risk management methodology
- HIPAA Compliance Assessments
- Develops and implements policies and procedures to adequately address and control the risk management of the company's assets
- Ensures the company is utilizing modern information security measures
- 1-3 years of experience working with vendors and third party service providers required
- Knowledge of security control practices, procedures and principles
- Familiarity with risk assessment and risk management concepts or processes
- Working knowledge of various regulatory security requirements - particularly Sarbanes-Oxley (SOX), HIPAA, and HITECH
- Ability to prioritize multiple tasks and be detail oriented
- Travel connected with projects for field locations will be necessary