Senior Security Analyst in Midtown Manhattan. This individual will report directly to the Third Party Risk Management Director and partner with the business, corporate and agency IT teams to understand the services our agencies provide clients, the data they handle and the risks associated with the use of outsourced services and suppliers. This individual will make recommendations on how to mitigate any risks identified. A well-qualified candidate will be comfortable working with business and IT leadership to embed a security-focused mindset.
location: New York, New York
job type: Contract
salary: $50 - 60 per hour
work hours: 9am to 6pm
- Assists with all phases of the Third Party information security risk assessment and program.
- Reviews security assessment reports and questionnaires.
- Leads discussions around remediation activity and compensating controls to help manage risk. Influences remediation when necessary.
- Supports the Exception Management process.
- Leverages innate knowledge of technical security concepts including authentication, authorization, data security, application security, cloud services and secure architecture concepts to identify security gaps and convey the importance of security to businesses.
- Communicates and presents risks and remediation activity in a clear manner to non-technical audiences.
- Provides support when there is a request from a supplier to redline/modify security contract language.
- Assists with creation, updating, and preparation of final versions of documents, including Policy, Standard Operating Procedures (SOP) and Work Instructions.
- Provides recommendations to identify areas of improvement for processes, procedures and workflows.
- Assists in special projects on an as-needed basis.
- Bachelor of Science in Computer Information Systems, Computer Science, Information Systems Management, related field or equivalent work experience
- Experience with IT technology, infrastructure, applications and architecture
- Awareness of the external threat landscape
- Experience with the following industry/regulatory requirements and frameworks: ISO 27001, COBIT, SOC 2, SOX, NIST 800-53, NIST CSF or FAIR
- CISSP required
- CISA, CISM, CRISC, CCNA, CCENT, CCNP, GSEC, MCSA certifications are preferred
- Ability to appropriately balance information security posture with business risk
- Ability to work with manual processes, where advanced systems are not yet established
- Experience in implementing and working with vendor risk management GRC technology (preferred)
- Excellent written and oral communication skills and ability to articulate and present information to all levels of management
- Excellent analytical and problem-solving skills
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.