Information Security Risk Governance Analyst
New York, NY 10017 US
High Profile Bank in Manhattan seeks an Information Security Risk Governance Analyst.
Tremendous full-time, direct-hire career opportunity with an international organization that offers a great work environment, interesting projects, and competitive compensation (130-140K+ bonus).
In summary you will:
- Develop and manage information and cyber security related activities and projects in a key leadership role; you will be the second most senior individual in the information security risk group.
- Act as an Information Security subject-matter-expert to support and assist with providing guidance to Senior Management on information and cyber security issues.
- Review and propose practical changes to potential and existing Information Security policies, procedures, practices, and guidelines to ensure regulatory compliance.
- Coordinate and manage the employee information security awareness training program.
- Assess and evaluate information risks by conducting annual risk assessments, vulnerability assessments, and special risk assessments for new information risk related processes, and trend analysis of key information risk measurements.
- Work with IT and coordinate any incident response to cyber security events.
- Review vendor service level agreements and contracts to provide guidance on information and cyber security protective controls and countermeasures.
- Develop and maintain information risk Key Risk Indicators (KRIs).
- Perform key Information Risk Governance related tasks, including providing user access control management oversight and monitoring, analyzing, and following up on information risk events/issues.
- Review information risk and advise on the IT Projects/Issues Management process, Change Management process, significant changes to IT procedures, IT Asset Management Report, key IT vendor contracts, IT Disaster Recovery Plan/Process, Record Retention process, and internal or external audit findings.
- 5+ years of related Information Risk Governance experience with extensive Information Security / IT Audit.
- Information security certification (CISSP)
- Strong understanding of Information Risk assessment concepts and principles as they relate to risk tolerance and business risk exposure.
- Financial industry experience and understanding of financial industry structure and concepts.
- Completed Bachelor's degree.
- Knowledge and expertise in Risk Assessment and Risk Analysis.
- In-depth knowledge of Information Technology and ability to analyze and design Information Security monitoring processes.