As an Information Security Analyst - Governance & Risk, you will help design, deploy and maintain a comprehensive information security program. You will be responsible for developing, auditing and enforcing compliance processes and procedures, as well as responding to information requests from both internal and external requestors. Candidate must be able to work independently with minimal supervision, interact effectively with IT, security, and business leaders, and apply sound information security risk management practices.
- Assist with the creation, implementation, and management of the company’s security program, policies, standards, and procedures.
- Assist with project management of information security projects related to the overall security objectives and programs.
- Perform and manage Third-Party Security Risk Assessments of both new and existing vendors.
- Assess risk and identify potential areas of compliance vulnerability and risk.
- Manage the remediation of security assessment findings and recommendations.
- Interact professionally and effectively with a diverse group including executives, legal, managers, business and operational leaders, and subject matter experts.
- Assist with the development and implementation of the enterprise security awareness programs.
- Maintain current knowledge and awareness of the information security and threat landscape.
- Familiar with industry standards and frameworks (e.g. NIST, CIS, ISO).
- Familiar with financial regulatory bodies (e.g. FINRA, SEC).
- May perform other duties as assigned.
- Assist in the coordination and execution of third-party external audits (e.g. SOC 2 Type 2).
- Self-starter, able to manage multiple priorities and adjust to changing priorities with minimal direction.
- Bachelor’s Degree or 2 years of industry experience
- Meticulous organizational skills
- Experience writing Information Security procedures, standards, and guidelines
- Excellent writing and communication skills
- Comfortable using cloud-based applications, MS Office, Google, data queries, and reporting software
- Working knowledge and understanding of regulatory compliance and data protection
- Possesses the highest level of integrity, is a self-starter, and is comfortable working without close supervision when executing moderately complex tasks
- Experience working in the legal and/or financial services industries
- Experience in technology risk and control frameworks (NIST Cybersecurity Framework, NIST 800-53, etc.)
- Industry certifications from ISC2, ISACA or similar
- Process review and recommendations for improvements