Information Security Risk Analyst Consultant
New York, NY 10017 US
Working within the IT Group you will be responsible for implementing, coordinating, and participating in the Information Risk Management processes related to deploying the appropriate controls within the Information Technology environment.
In addition, you will be responsible for ensuring new controls are incorporated into the Risk Control Self-Assessment (RCSA) process. This will require extensive liaison work with the Information Technology, Risk Management and Internal Audit teams.
In summary you will:
- Liaise between Risk group and Information Technology regarding Information Risk Management issues.
- Perform a Gap Analysis of existing controls against a newly adopted Threat & Control library.
- Perform a Gap Analysis of new Control Objectives against existing Information Technology Policies & Procedures.
- Work with Subject Matter Experts to ensure missing controls are identified and Policies & Procedures are correctly updated to reflect the new controls.
- Work with the IT Business Management Team and SMEs to ensure new controls are incorporated into the RCSA design process and that new controls are tested during the testing phase of the RCSA.
- Perform GAP analysis and strengthen internal controls and prevent unauthorized and improper access to data, thereby ensuring the appropriate protection of information assets.
- Facilitate the continued improvement in information security risk management and culture across the firm, through continual refinement and implementation of the Information Security Framework.
- Build and maintain relationships with the organizations business areas.
- 8+ years of Information Security risk management experience within financial services.
- Must come from an IT background and have strong Information Technology experience including Information & Operational Risk Management, Cybersecurity, Identity & Access Management, Project Management, Application and Operation Support. ITIL,...
- Microsoft Project and Visio.
- Completed Bachelor’s Degree in Computer Science or related course of study required.