Immediate long-term contract opportunity for a Cyber Security Risk Analyst to support our client in their Cybersecurity Risk Management Department. We are seeking candidates with a proven ability to elicit, document, analyze and verify requirements to promote security awareness, prepare security operations plans/policy documents, and create goals to reduce cyber security risk to the overall organization. We are seeking someone who is versed in understanding audit evidence and helping take it back to the security operations teams to assist with triaging security threats and provide security risk management solutions. The selected candidate will work with stakeholders to provide security risk information and vulnerability assessment plans to assist in the triage effort. Experience in conducting security and privacy risk assessments, completing risk exception and acceptance requests using SIG, SOC2 Type 2, and other security attestation documents is key to this position.
Want to learn more? Then you should contact Elite Technical right away for consideration!
- Position requires a bachelor's degree in Cyber Security, Information Technology, Computer Science, Business or relevant work experience in application security analysis, security risk, systems analysis experience with direct Business Analyst experience.
5+ years of experience in the following:
- Proven ability to elicit, document, analyze and verify requirements
- Knowledge of several of the following frameworks/regulations: NIST Special Publication 800-53 Rev. 4/5 "Security and Privacy Controls for Information Systems and Organizations", the HIPAA Security and Privacy Final Rule (45 CFR Part 164), NIST 800-171 "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations", NIST CSF, NIST RMF, FedRAMP, HITRUST, CIS benchmarks, CIS Top 20, Cloud Controls Matrix (CCM), COBIT, CMMC, ISO 27001.
- Skilled at working with a variety of stakeholders (internal and external to the organization) to understand and assess cybersecurity strengths, weaknesses, and gaps in adherence to controls with the ability to develop solutions and documentation to address identified security coverage gaps.
- Cyber security business and systems subject matter expertise - especially in Application security, Data Security, Data Governance, and Network Security domains.
- Experienced with responding to internal and external audit requests, working with, and communicating to auditors and assessors, understanding the extent of appropriate evidence needed to satisfy audit and assessment requests.
- Experience with working with enterprise or cybersecurity specific risk registers.
- Experience with GRC (Governance, Risk, and Compliance) systems or IRM (Information Risk Management) systems.
- Excellent written skills to be used in the development, review, and refinement of cybersecurity standards, SOPs, and policy with communication skills (verbal and written) to communicate to all levels of the organization.
- Proven experience supporting data security risk teams with demonstrated business process, workflow, task analysis, and metrics/results measurement. Exposure to user-acceptance testing and requirements analysis knowledge.
- Knowledge of AGILE and/or Waterfall SDLC methodologies.
- Excellent knowledge of MS Office tool set - MS Word, MS Excel, MS Project and MS Visio.
Preferred:
- Security Certification (CISSP, CRISC, CISA or SANS GIAC certifications in relevant areas).
- Understanding of data analysis and modelling.
- Knowledge of cloud security controls (AWS / Azure).
- Experience with healthcare insurance industry, especially BCBS plans.
- Experience with SAI Global's Compliance360 Enterprise Risk Management and Risk Intelligence Manager modules.
- Audit experience.
- Experience evaluating security controls in a mainframe environment.
Washington, DC
1
Monday, October 24, 2022
Contract
12 months+
Wednesday, September 28, 2022
Know someone who would be a good fit? We pay for referrals!