IT Security Risk Analyst
Location: Remote
- Manage multiple concurrent risks and exceptions against our systems and products and coordinate with architecture, vulnerability management, cloud operations, product, and business teams.
- Familiarity with risk frameworks such as ISO/IEC 27005, NIST RMF, and FAIR, including experience in analyzing the potential impact and likelihood of identified IT security risks.
- Prioritize risks based on severity and likelihood, considering data sensitivity, compliance requirements, and business impact.
- Accurately record identified IT security risks in the risk register, including detailed descriptions of risks, potential impacts, and mitigation measures.
- Develop IT security risk mitigation strategies, such as collaborating with risk owners to implement firewalls, encryption, access controls, and intrusion detection systems.
- Assign responsibility for implementing risk mitigation measures to appropriate IT stakeholders/process owners and conduct follow-ups to ensure mitigation efforts are on track.
- Regularly review and update the risk register to reflect new IT security risks and changes in existing risks.
- Monitor the effectiveness of IT security measures and update them as necessary to address evolving threats.
- Communicate IT security risk-related information effectively across the organization, including to non-technical stakeholders.
Skills: Familiarity with risk frameworks such as ISO/IEC 27005, NIST RMF, and FAIR, including experience in analyzing the potential impact and likelihood of identified IT security risks.
Education: Four-year degree with 2-3 years of experience, or 5-6 years of experience.