Lead Information Risk Analyst (Security Governance Compliance)
Our client is currently seeking a Lead Information Risk Analyst (Security Governance Compliance) for a permanent opportunity located in Rancho Cordova, CA.
Position Purpose: Lead the design, implementation and monitoring of IT controls for core applications and systems. Analyze IT data to assess risk and improve processes and efficiency.
- Oversee the design, execution, and assessment of IT (NIST, ISO, PCI, GDPR, etc.) controls for core applications and systems
- Design, monitor and evaluate controls for effectiveness and efficiency to mitigate areas of risks
- Prepare and document standard procedures and protocols.
- Assess application risks, system risks and data processes within IT, address risks with applicable general controls, and recommend solutions
- Review and prepare scheduled audit reports from both internal and external requests
- Design application and system level controls in adherence to best auditing and security practices
- Complete optimization reviews and prepare audit reports associated with the completion of scheduled audits
- Identify key controls and coordinate appropriate measurement efforts for process improvement
- Serve as primary liaison between auditing bodies, IT Security Management, compliance and Business Stakeholders
- Lead and assist others with designing the IT environment to conform to relevant industry standards, such as NIST 800-53, ISO 27001, HIPAA, Sarbanes-Oxley, PCI-DSS, GDPR and other regulatory requirements
- Lead and assist others with implementation of department strategy, governance and compliance of related information systems and technology architecture
- Educate and train employees in the fundamentals of IT Audit Management
- Establish new or improved methods, design patterns and standards to solve complex problems
- Provide subject matter expertise, support and guidance to project team members
- Lead and direct the work of team members
Bachelor's degree in IT, MIS, Accounting, Finance, Business Administration, related field or equivalent experience.
6+ years of combined auditing and IT controls design experience. Knowledge of IT systems and processes and experience evaluating internal technical control systems required.
Licenses/Certifications: CISA, CISSP, MS SQL Server, CPA, CIA, or PMP preferred