1 Message
Digest #1204
1
Sr. Information Security Risk Analyst - Security - CISSP - Asset Man by "Gary Wright" wrightassociates
Message
Wed Aug 5, 2015 8:49 am (PDT) . Posted by:
"Gary Wright" wrightassociates
Know anyone for this role? - Any referrals would be greatly appreciated.
Position Title - WR15102172015
Sr. Information Security Risk Analyst - Security - CISSP - Asset Management
- Marlboro, MA Area - Excellent Package
Excellent Compensation Package - Base + Bonus + PS
Green Card or US Citizens Only - Local Candidates Only
Company
Large, successful, and growing Boston based Investment Management Firm -
Great Company - Lots of Upside - Outstanding Compensation Package - Bonus -
Profit Sharing etc. Join a team oriented, collaborative, results focused
environment and become part of an elite organization with great growth
possibilities.
Position Summary:
Information Security is expanding the Risk Management team and is looking
for a highly motivated, technical Risk Analyst to be responsible for the
risk assessment portion of the Risk Management program. This individual
will have responsibility in the areas of information security risk
assessments for internal projects as well as third party vendors, and will
interface with technology staff, business staff, outside vendors and clients
to assess, report on, and present on information security risks. This
individual will also work directly with developers, infrastructure teams,
architects, and business areas on evaluating and designing security controls
necessary to mitigate identified risks, and will be a core member of a
rapidly growing Information Security and IT Risk team with opportunities to
help expand the program and provide value in multiple areas of the firm.
Responsibilities:
* Work with the vendor management team to perform thorough
technical and policy-based information security risk assessments of key
third party vendors.
* Work with internal application, infrastructure, and architecture
teams to assess the information security risk of existing technology,
infrastructure and processes as well as proposed projects.
* Coordinate business-level information security risk assessments
for key information assets.
* Help to identify and track mitigation actions intended to reduce
identified risks, as well as tracking and reporting on changes in key risk
indicators.
* Assist with information security risk aspects of internal audits.
Required Skills and Competencies:
* 10+ years' experience in Information Security roles with hands-on
experience with a variety of technologies and architectures sufficient to
provide the background necessary to work closely and "go deep" with
development and infrastructure teams.
* Preferred 5+ years' experience in designing, deploying, or
assessing information security technology, processes, and controls.
* Experience with Vendor Management Programs, performing risk
assessments of third party service providers/vendors based on ISO27001 and
SIG, review of SSAE16, etc.
* Experience performing technical risk assessments for internal
projects, working closely with the architecture team.
* Significant breath of technical experience and critical analysis
skills sufficient to perform detailed risk analysis on a variety of
technologies and use cases. The successful candidate will have the
technical depth and analysis capabilities necessary to be proficient when
examining controls and identifying risk in areas such as data encryption,
access control, security architecture, information security policy and
standards, and vulnerability management.
* Past experience working with auditors to prepare SSAE16 or
similar reports.
* Experience responding to client RFPs, and meeting with clients to
review information security posture.
* Excellent verbal and written communication skills and
presentation skills are a must.
* Bachelor's degree in Computer Science or related discipline.
* CISSP is preferred.
Keys to this Position:
1) We are seeking 10 plus years' in Information Security including 5 plus
years' of experience with Information Security Risk assessments. The
Information Security Risk assessment will affect both external vendor's and
internal projects so experience in both areas are highly desired.
2) We are seeking technical depth in the following areas: Data
Encryption, Access Control, Security Architecture, Information Security
policy and standards and Vulnerability Management. This individual will
need to be able to completely assess any risks within an Information
Security Architecture.
3) Excellent communication skills are needed as this individual will
interface with business users, outside vendors and IT teams.
Contact Information - Resumes in Word format to:
Gary Wright - President - Wright Associates
Phone - (508) 761-6354 - Email - GaryWright@WrightAssociates.org
<mailto:replywrightassociates@verizon.net> - WEB Site -
www.wrightassociates.org <http://www.wrightassociates.org/>
The New England Networking Group is Moderated by:
Gary L. Wright - President/Principal - Wright Associates
Wright Associates specializes in High Technology Recruiting Services for the New England Market Place.
Phone: 508-761-6354
Email: mailto:GaryWright@WrightAssociates.org
Website: www.WrightAssociates.org
Gary L. Wright - President/Principal - Wright Associates
Wright Associates specializes in High Technology Recruiting Services for the New England Market Place.
Phone: 508-761-6354
Email: mailto:GaryWright@WrightAssociates.org
Website: www.WrightAssociates.org
No comments:
Post a Comment