We are looking for IT Risk Analyst who will assist in conducting NIST sp800-30r1 Information Security Risk Assessment exercises for IT-specific assets using NIST sp800-37r2 Risk Management Framework for Information Systems. The contract is based out in Raleigh, NC for a contract duration of 06 months.
We at Ian Martin envision a world where everyone is connected in meaningful work and if you find great meaning in developing some of the most widely used products in the world, then we have the career path for you.
Assist in conducting NIST sp800-30r1 Information Security Risk Assessment exercises for IT-specific assets using NIST sp800-37r2 Risk Management Framework for Information Systems and organizations to generate IT Risk Assessment Reports that will facilitate the IT Risk Management of system Confidentiality, Integrity and Availability, introduce new controls, enhance data architecture, and/or address regulatory requirements.
· Information Security Consulting and IT Risk Assessments and Self-Assessments with Risk Assessment Reporting
· Monitoring security vulnerabilities via Business Intelligence Dashboard
· Conducting Internal & External Application security risk assessments through vulnerability testing and risk analysis
· Performing both internal and external security assessments leveraging NIST and ISO Standards
· Analyzing security events & incidents to identify the root cause.
· Continuously updating the company’s incident response and disaster recovery plans
· Verifying the security of third-party vendors and collaborating with them to meet security requirements.
· Significant planning and relationship skills; technology design / technology operations / large scale technology implementation experience
· Strong knowledge of IT Risk, management, and analytics; enterprise applications, data / information management and information delivery applications; IT standards and methodologies
· Viewed as a credible IT Risk Assessor by technology and project management leadership in technology operations and critical infrastructure.
· Ability to understand operational efficiency and effectiveness in a technology platform by driving a service-oriented delivery model.
· Strong understanding of T&O’s direction, priorities and trends in technology and the market
· Strong communicator who can articulate vision across technology, operations, risk, and finance.
· Ability to leverage partners and lead change.
Knowledge and Experience:
· Undergraduate degree in a technical field such as accounting, mathematics, or computer science
· 5-9 years relevant work experience
· Practical knowledge and experience in IT Risk Threat & Vulnerability concepts, processes, and analysis.
· Minimum 1 year of public accounting experience.
· Practical and solid knowledge of IT and Business Process Risk Assessment products
· Experience and knowledge in the areas of IT General Controls (Change Management, Logical Security, Physical security, Network Security & Computer Operations) process flows
Skills and Competencies:
· Working knowledge of IT risk measurement (i.e., confidentiality, integrity & availability of information processed, stored, and transmitted) and assessment methodology of information security environments with any risk system.
· Proven business analysis and problem-solving skills.
· Ability to identify, analyze and rectify project issues as they arise.
· Well-developed PC Skills with respect to spreadsheets, access database and presentation software
Looking for Meaningful Work? We can help.
If you are an IT Risk Analyst, you know that it can be difficult to find fulfilling work that advances your career. At the Ian Martin Group, we exist to connect professionals like you with meaningful work at industry-leading companies in your field. And we walk the walk, too: as a Certified B Corporation, we believe in using business as a force for good for people, our communities, and the environment.
We value diversity and inclusion and encourage all qualified people to apply. If we can make this easier through accommodation in the recruitment process, please contact us at firstname.lastname@example.org.
We encourage all qualified candidates to apply; however, only those selected for an interview will be contacted.