IT Risk Analyst

  • location: Cary, NC
  • type: Temp to Perm
  • salary: $56 - $57 per hour

job description

job summary:
Job Profile Summary

  • The position is responsible for supporting the day-to-day governance, risk and compliance (GRC) operations related to policy compliance, process and organizational policies and security requirements governance, as well as risk management functions. The incumbent works with others in the IT and business organizations to maintain and enhance controls and implement a risk-based approach when evaluating organizational technology requirements. This role works closely with the Manager to develop risk and compliance strategies and to continue to develop, improve and monitor Engineered Materials Group's cybersecurity control framework globally.
Job Responsibilities

  • Provides subject matter expertise in cybersecurity risk and compliance management to the organization.
  • Maintains awareness of changes or updates to security control frameworks, compliance laws and statutes, and identifies the impact to the business and its security posture.
  • Leads efforts to achieve compliance with various frameworks and regulations by consulting and working with the relevant IT and business staff and control owners.
  • Assesses and monitors security processes and controls on new and existing systems, processes, and technology to assure compliance with applicable frameworks and regulatory requirements as well as promote good information security practices.
  • Performs risk assessments including identifying the risks presented by technological and process changes as well as the review of supporting processes and procedures to ensure that proper controls are in place and risks are appropriately mitigated.
  • Works with management and team members to assess risks associated with technology solutions and ensure appropriate remediation strategies are employed.
  • Compiles management reports, summary analyses, and detailed presentations to describe risk, controls, and assessment findings.
  • Ability to travel up to 10% of the time.
Competencies Required

Required

  • Excellent writing and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively with all levels of staff.
  • Ability to understand how the business functions and how to balance cybersecurity risk and compliance needs with organizational goals.
  • Strong organizational skills with the ability to lead multiple compliance and risk-related projects and initiatives.
  • Strong technical understanding and experience assessing risks and identifying weaknesses in multiple operating system platforms, database and application servers, and custom and off-the-shelf applications, and gaps in controls.
  • Considerable knowledge of IT policies, standards and procedures, security frameworks and their development and implementation.
  • Considerable knowledge of configuration management, change control/problem management integration, risk assessment, exception management and security baselines such as CIS Baselines, vendor security technical implementation guides, etc.
  • Considerable knowledge and experience with various industry standards such as NIST CSF, CIS Critical Controls and ISO 27001.
  • Considerable knowledge and experience with regulatory requirements including ITAR, EAR, DFARS/NIST 800-171, CMMC and GDPR.
Work Experience

Required

  • Minimum of 5 years' experience in a combination of IT infrastructure, applications, or cybersecurity roles including at least 3 years in a compliance, risk and/or assurance role
Preferred

  • Minimum of 8 years' experience in a combination of IT infrastructure, applications, or cybersecurity roles including at least 5 years in a compliance, risk and/or assurance role
Education

Required

  • Bachelor's Degree in business administration or a technology-related field such as Information Systems Management
Preferred

  • Bachelor's Degree in Information Systems Management, Cybersecurity Management
  • Master's Degree in Cybersecurity or Computer Information Systems
Certifications

Required

  • At least one certification in the area of GRC or Information Security
Preferred

  • Certified in Risk and Information System Control (CRISC) or Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
 
location: Cary, North Carolina
job type: Contract
salary: $56 - 57 per hour
work hours: 8am to 5pm
education: Bachelors
 
qualifications:
  • Experience level: Experienced
  • Minimum 5 years of experience
  • Education: Bachelors
 
skills:
  • Requirement Analyst
  • Technical Analyst
  • Business Systems Analyst
  • IT Project Manager

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
