Information Security Risk Analyst

  • location: Research Triangle Park, NC
  • type: Contract

job description

job summary:
We have a 12-month renewable position for an Information Security Risk Analyst with a client of ours in RTP, NC.

Completes tasks designed to ensure security of the organization's systems and information assets. Protects against unauthorized access, modification, or destruction and develops IT security policies and standards. Works with end users to determine needs of individual departments. Implements policies or procedures and tracks compliance throughout the organization. Typically requires a bachelor's degree and 5+ years of related experience.

Additional Job Requirements

We are looking for an Information Security Risk Analyst Contractor with 5-7 years of information security experience. This position reports to the Associate Director, Team Lead, of Information Security Governance. The incumbent will conduct information security risk assessments to ensure the proper implementation of security controls across identified environments. This includes identifying gaps and compensating controls, developing remediation plans, and publishing reports of results. The incumbent must have a working knowledge of security frameworks, preferably NIST CSF and NIST 800 series. There are two contractor positions open; we are seeking to fill the positions based on the principal duties and responsibilities defined as follows:

Principal Duties and Responsibilities

  • Implement Security & Awareness Messaging to align with a monthly pre-defined awareness theme, and quarterly phishing campaigns/reports
  • Perform IS Vendor Risk Assessments
  • Write Policies and related supporting documentation, such as standards and procedures
  • Assign Data Risk Classifications for assets defined in EOS, Biogen's system of record, and build and train end users on the self-service model
  • Assist with the development and implementation of controls in alignment with NIST standards
  • Develop the exception handling process
  • Perform information security risk and control assessments and report on information security risks and recommend mitigation strategies; document and monitor information security remediation and control improvements
  • Provide administrative support and development for the SharePoint Online site migration for the CISO organization

Overall:

  • Serve as an information security liaison to Biogen business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., information security best practices, policy and procedure development, employee education and awareness, security exceptions)

Qualifications

Education/Training:

  • A Bachelor's degree in Computer Security / Science or Information Security; or equivalent experience required
  • Certification credentials in fields associated with Information Technology, Information Technology Auditing, Information Security, or other related studies preferred

Experience:

  • A minimum of 5-7 years' experience in information security and/or risk management, especially in an information risk analysis, Enterprise Risk Management (ERM), and/or IT Audit role.
  • Experience with development and implementation of information security awareness and education programs.
  • Knowledge of quantitative and qualitative risk evaluation methods, including information security control frameworks such as NIST, ISO, and COBIT.
  • Proven experience with control monitoring principles and practices.
  • Ability to understand and engage applicable industry-related regulatory requirements (e.g., FDA, FIPS, EU Annex 11, GDPR)
  • Ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside to make appropriate assessments and decisions.
  • Excellent analytical and problem-solving skills
  • Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
  • Excellent verbal and written skills.
  • Flexible and able to adapt quickly to changing technology
  • Open and able to apply original and innovative thinking to produce new ideas and create innovative approaches to information security oversight and compliance.
  • Strong knowledge of Microsoft Office product suite, and corporate business applications including Skype and SharePoint
  • Experience using an automated GRC tool (i.e. RSA Archer) is a plus
  • Biotech and IT experience preferre
 
location: Durham, North Carolina
job type: Contract
work hours: 9am to 6pm
education: Bachelors
 
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
