Jun 25, 2019
Position: Associate Information Security Risk Analyst
Location: Austin, TX
Type: Contract to Hire
Interview: Phone and in Person

PURPOSE AND SCOPE: The Associate Information Security Risk Analyst will assist with identifying, quantifying, and managing risk across the organization while integrating risk management processes into business operations. The candidate must be a highly motivated Information Security team member who will work directly with subject matter experts to identify risks and elicit all necessary information about each situation to form a complete understanding of the risk. This position will also work with the other members of the Risk Team to gather evidence, quantify, and document the risks.

PRINCIPAL DUTIES AND RESPONSIBILITIES:
Under close supervision, utilizes established procedures to enforce (ISO) risk management policies, standards, and procedures for FMCNA and provides oversight for other Business Units based on industry best practices and frameworks.
Assist in the development, measurement, and management of risk metrics to support GRC reporting.
Identify, implement, monitor, and enforce information security compliance, regulatory, and control frameworks.
Provide ongoing analysis and coordination with stakeholders to improve the risk posture of business units and of FMCNA overall.
Contribute to risk assessments using industry standard frameworks.
Build and maintain a database of risk assessment questionnaires, responses, and mappings to industry standard frameworks and regulatory requirements using TrustArc or other applicable solutions.
Create and maintain documentation of issues/control gaps, corrective actions, and status.
Support the security exception management process.
Review third-party attestation and audit reports and provide feedback to business leaders and risk owners.
Serve as a company representative with prospects, customers, and partners by assisting with the completion of security questionnaires, assessments, and audits.
Delivery focused, with a willingness to perform and manage all tasks required to complete the job and meet deadlines, including administrative and documentation-oriented tasks.
Attention to detail and thoroughness, with a focus on the completeness, accuracy, integrity, security, and confidentiality of the information handled and activities performed.
Collaborate with threat and vulnerability intelligence teams to develop risk scenarios from new and emerging risks.
Conduct comprehensive analysis of risk scenarios and inform key stakeholders of findings on an ongoing basis.
Support awareness and accountability around IT governance, risk, and compliance control functions.
Team-oriented, promoting execution and change through influence.
Articulate information security risk in business terms.
Learns to use professional concepts. Applies company policies and procedures to resolve routine issues.
Works on problems of limited scope. Follows standard practices and procedures in analyzing situations or data from which answers can be readily obtained.
Builds stable working relationships internally.
Normally receives specific, detailed instructions on all work.
May refer to other team members, if applicable, for assistance with day-to-day problems that may arise.
Escalates issues to supervisor/manager for resolution, as deemed necessary.
Review and comply with the Code of Business Conduct and all applicable company policies and procedures, local, state and federal laws and regulations.
Assist with various projects as assigned by direct supervisor.
Other duties as assigned.
Additional responsibilities may include focus on one or more departments or locations. See the applicable addendum for department- or location-specific functions.

PHYSICAL DEMANDS AND WORKING CONDITIONS: The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Travel required per business need.
EDUCATION: Bachelor's Degree required; degree in a related discipline desired (e.g., Computer Science or Computer Information Technology); equivalent experience in a related field may be considered in lieu of a degree.
EXPERIENCE AND REQUIRED SKILLS: 0 – 2 years' related experience.
Deep understanding of information security regulations and frameworks, including the Federal Information Security Management Act (FISMA), Service Organization Control 2 (SOC 2), Federal Information Processing Standards (FIPS), National Institute of Standards and Technology (NIST) publications, the ISO 27000 series, HITRUST, Cloud Security Alliance (CSA) guidance, and various other laws and regulations including Executive Orders.
Conducted risk assessments using a variety of frameworks.
Possess demonstrable knowledge of third-party assurance risk management.
CISSP, CRISC, CISA, CISM, or other technical certification(s) a plus.
Experience with TrustArc Assessment Manager a plus.
Working knowledge of scripting languages a plus.
Queen Consulting Group, Inc.
Austin, TX, USA