Sr. Security/Risk Analyst
Full time position in Richmond VA.
Description:
This position will conduct information security risk assessments for the organization in order to ensure that information security risks associated with internal and external relationships are within acceptable tolerances.
In addition, she/he will help the client develop new business and maintain existing customer relationships by responding to requests from external parties concerning client's own information risk management practices.
Responsibilities Determine information security risk profiles for various vendor and business partner services using questionnaires and knowledge of client's policy and relevant industry best practices and standards.
Clearly and professionally communicate information security risks associated with internal and external services to the client's business unit personnel and business leaders.
Assess external party information security controls to ensure they meet or exceed the client's information security risk management requirements for the services to be provided.
Recommend and drive solutions to eliminate, reduce, or mitigate risk, and communicate said solutions to both external parties and internal business stakeholders.
Record pertinent documentation and communications for all assessments in the client's information technology (IT) governance, risk, and compliance platform.
Report status of engagements to Information Security management, project managers, and other business stakeholders as appropriate.
Respond to incoming requests from external parties for information concerning the client's information security practices by providing appropriately scoped and accurate information in a timely and professionally written manner.
Education Bachelor's Degree or equivalent work experience (4 years of experience in lieu of Bachelors) Experience 6 - 8
Years of experience in IT audit, information security, information systems compliance, or information risk management that directly aligns with the specific responsibilities for this position.
(Required) Possession and continual application of the following character traits:
dependability, integrity, decisiveness, tact, courage, enthusiasm, and sound judgement.
Working knowledge of common information security concepts, practices, and technologies, including best practices for:
o Network defense and secure network design o Network, operating system, and application vulnerability management o Secure software development o Cloud Technologies o Logging and monitoring o Identification, authentication, and authorization mechanisms o Account provisioning, review, and de-provisioning o Data loss prevention General knowledge of industry standard security frameworks, including the NIST Cybersecurity Framework.
General knowledge and understanding of regulatory compliance mandates concerning data protection, including HIPAA and various state laws and regulations.
General knowledge of IT audit and assessment concepts and practices.
General knowledge of common web application vulnerabilities preferred.
Industry certification preferred, including but not limited to CISSP or CISM.
#INDVA Princeton Information is one of the nation's top five privately-held IT consulting firms, in business since 1985.
Princeton Information services a clientele of primarily Fortune 500 companies nationwide.
With annual revenues over $120 million, Princeton Information operates across the US from multiple regional offices.
Our Commitment to Our Consultants As a privately held company, Princeton Information is solely committed to the success of clients and consultants - not to any shareholders.
PI's success is grounded in the relationships we build with our consultants.
We seek the best people; provide career path counseling; as well as the most challenging opportunities in business and in IT.
As part of its culture of loyalty and commitment to its consultants, Princeton Information is committed to doing all we can to ensure our consultants have the best possible search, placement and work experience possible.
Our Services Working with one Princeton Recruiter will gain you access to over 500 open requirements with the top clients in the US across all industries (finance, insurance, pharmaceutical, commercial, telecom, media, manufacturing) nationwide.
Our local recruiters have in-depth knowledge of our clients and opportunities.
They will work with you to find you the best possible opportunities for you and your career.
Our Relationships Our relationships with our clients, as well as our consultants, are critical to our success! We have a robust sales organization that ensures that Princeton has the inside track on what attributes a person needs in order to be successfully placed and engaged at our clients.
We know the technical and non-technical skills that our clients are looking for and we ensure that you are educated about the client prior to your interview with them.
Princeton is committed to going above and beyond to ensure that each meeting you have with a client is a successful one!.
Estimated Salary: $20 to $28 per hour based on qualifications.
Description:
This position will conduct information security risk assessments for the organization in order to ensure that information security risks associated with internal and external relationships are within acceptable tolerances.
In addition, she/he will help the client develop new business and maintain existing customer relationships by responding to requests from external parties concerning client's own information risk management practices.
Responsibilities Determine information security risk profiles for various vendor and business partner services using questionnaires and knowledge of client's policy and relevant industry best practices and standards.
Clearly and professionally communicate information security risks associated with internal and external services to the client's business unit personnel and business leaders.
Assess external party information security controls to ensure they meet or exceed the client's information security risk management requirements for the services to be provided.
Recommend and drive solutions to eliminate, reduce, or mitigate risk, and communicate said solutions to both external parties and internal business stakeholders.
Record pertinent documentation and communications for all assessments in the client's information technology (IT) governance, risk, and compliance platform.
Report status of engagements to Information Security management, project managers, and other business stakeholders as appropriate.
Respond to incoming requests from external parties for information concerning the client's information security practices by providing appropriately scoped and accurate information in a timely and professionally written manner.
Education Bachelor's Degree or equivalent work experience (4 years of experience in lieu of Bachelors) Experience 6 - 8
Years of experience in IT audit, information security, information systems compliance, or information risk management that directly aligns with the specific responsibilities for this position.
(Required) Possession and continual application of the following character traits:
dependability, integrity, decisiveness, tact, courage, enthusiasm, and sound judgement.
Working knowledge of common information security concepts, practices, and technologies, including best practices for:
o Network defense and secure network design o Network, operating system, and application vulnerability management o Secure software development o Cloud Technologies o Logging and monitoring o Identification, authentication, and authorization mechanisms o Account provisioning, review, and de-provisioning o Data loss prevention General knowledge of industry standard security frameworks, including the NIST Cybersecurity Framework.
General knowledge and understanding of regulatory compliance mandates concerning data protection, including HIPAA and various state laws and regulations.
General knowledge of IT audit and assessment concepts and practices.
General knowledge of common web application vulnerabilities preferred.
Industry certification preferred, including but not limited to CISSP or CISM.
#INDVA Princeton Information is one of the nation's top five privately-held IT consulting firms, in business since 1985.
Princeton Information services a clientele of primarily Fortune 500 companies nationwide.
With annual revenues over $120 million, Princeton Information operates across the US from multiple regional offices.
Our Commitment to Our Consultants As a privately held company, Princeton Information is solely committed to the success of clients and consultants - not to any shareholders.
PI's success is grounded in the relationships we build with our consultants.
We seek the best people; provide career path counseling; as well as the most challenging opportunities in business and in IT.
As part of its culture of loyalty and commitment to its consultants, Princeton Information is committed to doing all we can to ensure our consultants have the best possible search, placement and work experience possible.
Our Services Working with one Princeton Recruiter will gain you access to over 500 open requirements with the top clients in the US across all industries (finance, insurance, pharmaceutical, commercial, telecom, media, manufacturing) nationwide.
Our local recruiters have in-depth knowledge of our clients and opportunities.
They will work with you to find you the best possible opportunities for you and your career.
Our Relationships Our relationships with our clients, as well as our consultants, are critical to our success! We have a robust sales organization that ensures that Princeton has the inside track on what attributes a person needs in order to be successfully placed and engaged at our clients.
We know the technical and non-technical skills that our clients are looking for and we ensure that you are educated about the client prior to your interview with them.
Princeton is committed to going above and beyond to ensure that each meeting you have with a client is a successful one!.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
