Information Security Risk Analyst Resume Samples


The Guide To Resume Tailoring

Guide the recruiter to the conclusion that you are the best candidate for the information security risk analyst job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.

Sylvia Haley
13442 Hyatt Row, Chicago, IL
Phone: +1 (555) 227 1262

Experience

Information Security Risk Analyst
Buckridge, Littel and Ebert, New York, NY
  • Monitoring of computing platform compliance with security policies and directives
  • Assisting stakeholders with recommendations to address key control deficiencies
  • Contributing to the teams’ continuous improvement efforts
  • Maintaining familiarity with industry trends and security best practices
  • Evaluating management responses to ensure remediation tasks adequately address identified gaps
  • Conducting information security assessment of information systems as per our methodology
  • Tuition reimbursement
Information Security Risk Analyst Senior
Langosh-Kemmer, Philadelphia, PA
  • Information Security Policy Management – Supports the development and maintenance of corporate Information Security related policies and procedures
  • Network/Perimeter security
  • Tracks, coordinates, and resolves issues identified in and related control, compliance, or risk work
  • Monitor Access Management activities to ensure segregation of duties
  • Performs technical assessments of product releases to ensure secure software baseline
  • Documents risk analysis and controls and evaluates control design and continuous control improvement
  • IT Control testing/development
Senior Information Security Risk Analyst
Schaefer, Runte and Cummerata, Dallas, TX
present
  • Manage the control tower of AXA group Solution in order to design, perform, execute and escalate security anomalies and incidents
  • Assist with performing impact and gap analyses for regulatory change
  • Accompany application security initiative and implement security in Project Development Life Cycle (which includes Software Development Life Cycle)
  • Work with risk owners to ensure remediation steps are taken when necessary and provide proper notification and communication within UMB
  • Perform impact and gap analyses for regulatory change
  • Support the performance of ongoing measurement, monitoring, and evaluation of Third Party information security risk
  • Advise project team to perform Application threat modelling and coordinate other security activities such as pen test and code reviews
Education
Bachelor’s Degree in Computer Science
The University of Kansas
Skills
  • Ability to complete high quality deliverables
  • Excellent organizational skills, coupled with ability to be versatile and flexible
  • Proficient in UNIX and Windows operating systems as well as working knowledge of Database security
  • Excellent oral and written communication skills, as well as the ability to convey technical and security related issues to business audience
  • Able to successfully prioritize and manage to completion multiple complex tasks and deliverables
  • Demonstrates strong knowledge and understanding of risk and controls
  • Demonstrates ability to exercise good judgment in evaluating situations and making decisions
  • Excellent knowledge of security methodologies, standards and best practices as applied to information systems environments
  • Strong knowledge of risk and controls
  • Strong knowledge in identifying and assessing Information Security risk and development of appropriate strategies to mitigate risk

11 Information Security Risk Analyst resume templates

1

AVP-Continuity of Business & Information Security Risk Analyst Resume Examples & Samples

  • Undergraduate Degree or equivalent experience
  • Prior CoB, IS and Control work experience in a fast-paced environment
  • Strong Analytical skills
  • Self-Starter with the ability to prioritize and manage to strict timelines
  • Ability to manage workload and scheduled activities with minimum supervision
  • Demonstrate clear and concise communication skills - both written and verbal
  • Demonstrate strong interpersonal skills and relationship building skills - ability to interact productively with all levels within the organization
  • Demonstrate strong analytical and problem-solving skills
  • Demonstrate attention to detail and resolution skills
  • Demonstrate understanding of metrics reporting and relationship to underlying data
  • Ability to learn and adapt to new internal tools and processes
  • Ability to multi-task, change priorities, and remain focused on deliverables with variable deadlines; demonstrate a sense of urgency to bring tasks to closure
  • Knowledge of Citi Risk, Control, Compliance Systems desirable
  • MS Outlook skills including calendar management, conference management, and forms creation
  • MS Word skills to create publications
  • MS PowerPoint skills to create/amend presentations
  • Familiarity with functions and features of MS SharePoint including document management, permission management, and creation of forms
  • Advanced MS Excel skills including: Sum or Count cells, based on criteria; Build a Pivot Table; Write a formula with absolute and relative references; Create a drop down list of options in a cell; Sort a list without corrupting the data; Use a formula to look up a value in a table; Filter unique items from a list; Create a chart from worksheet data; Apply conditional formatting that uses a formula; Insert and protect worksheets (and understand the limits of Excel's protection)
2

Information Security Risk Analyst Resume Examples & Samples

  • Proactively collaborate with matrix business partners in Finance, Marketing, Customer Service, IT, and Human Resources to identify opportunities that will increase productivity and support the organization’s sustainable growth strategy
  • Manage the creation and financial analysis for Source of Sales and Trendlines, coordinating the ongoing US Sales consolidation
  • Provides reporting and analysis for End of Campaign, Field Performance Management
  • Provide Campaign Reviews/Updates on KPI results for Senior Management
  • Support the implementation of key process improvements, including improvements to forecast accuracy and goal setting
  • Support the US Sales team with ad hoc projects and analytical support
  • Support regular performance review process (i.e. Continuum) in conjunction with the HR team
  • Manage one Associate who is responsible for equipment support and SMO reporting for the field
  • Provide ongoing analytical support for requests from the sales organization
  • Bachelor's degree required; MBA and/or CPA a plus
  • Minimum 3-5 years’ experience in Finance, Accounting and Consumer Goods experience preferred
  • Strong financial and/or analytical role background
  • Candidate must have a strong leadership potential and ability to take on greater responsibility in future roles
  • Computer proficiency, particularly in Excel, Access and Powerpoint
  • Demonstrates effective interpersonal skills with the ability to relate to all levels of management
  • Demonstrates strong knowledge and understanding of risk and controls
  • Demonstrates strong analytical/quantitative skills
  • Demonstrates ability to be a logical thinker
  • Understanding of standards and frameworks such as Committee of Sponsoring Organizations of the Treadway Commission (COSO), Control Objectives for Information and Related Technology (COBIT), International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), and Information Technology Infrastructure Library (ITIL)
  • Understanding of information security regulatory requirements
  • Understanding of and practical experience with information security risk assessment and information security audits
  • Resolving customer questions and concerns in accordance with company guidelines via phone and face to face interaction. Processes returns, CLUB Card Applications and other CLUB operations, In Store Pickups, and other special orders such as Layaways, holds, and outdoor licensing. Researching orders, products, lost gift cards and rebates for customers
  • Provide legendary customer service every time when assisting customers by identifying and evaluating customers' needs, and making product recommendations based off of this analysis, by providing a legendary customer experience for every customer and promoting Cabela's programs including, but not limited to, CLUB Membership, Cabela's Xtreme Protection, Kiosk, VOC and In-Store Pick-up
  • Respond and handle customer issues by using good judgment and logic in solving problems and making decisions within the job scope
  • Assist in other areas of the store when business need dictates, which may include but is not limited to Hardlines, Softlines, Front End, and Back End operations
  • Must be able to place product on/off conveyor, trucks, shelving, etc
3

Senior Information Security Risk Analyst Resume Examples & Samples

  • Demonstrates clear analytical and quantitative skills
  • Demonstrates logical thinking
  • Demonstrates ability to exercise good judgment in evaluating situations and making decisions
  • Demonstrates ability to thrive in an environment of change and manage multiple tasks and responsibilities simultaneously
  • Demonstrates strong organizational and planning skills
  • Demonstrates ability to work well in a team environment or independently
  • Demonstrates proficiency in identifying and assessing Information Security risk
  • Demonstrates excellent written and verbal communication, problem solving, and decision-making skills
  • In-depth knowledge and understanding of information security risk assessment and information security audits
  • Understanding of standards and frameworks such as Committee of Sponsoring Organizations of the Treadway Commission (COSO), Control Objectives for Information and Related Technology (COBIT), International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), and Information Technology Infrastructure Library (ITIL)
  • Strong understanding of information security regulatory requirements and best practices
4

Information Security Risk Analyst Resume Examples & Samples

  • Excellent understanding of IT security concepts with an emphasis on Security and Risk Assessment
  • Excellent knowledge of IT and computer systems
  • Excellent understanding of internal and external audit process
  • In-depth understanding of Public Key Infrastructure (PKI), encryption, network security controls tools and functionalities
  • In-depth understanding of Payment Card Industry - Data Security Standard (PCI-DSS), and proficiency in applying Health Insurance Portability and Accountability Act (HIPAA) security rules and National Institute of Standards and Technology (NIST) standards
  • IT Audit background
5

Senior Information Security Risk Analyst Resume Examples & Samples

  • Demonstrates ability to exercise good judgment in evaluating situations and making decisions
  • Demonstrates strong analytical and quantitative skills
  • Demonstrates aptitude for logical thinking
  • Demonstrates ability to deal with and meet tight deadlines with limited resources
  • In-depth knowledge and understanding of information security risk assessment and information security audits
  • Proficiency in identifying and assessing Information Security risk and development of appropriate strategies to mitigate risk
  • Strong understanding of information security regulatory requirements
6

Information Security Risk Analyst Resume Examples & Samples

  • Assist the ISO and Vendor Management Committee (VMC) in implementing the corporate Vendor Management Program and helping ensure the Program is in compliance with best industry practices and regulatory guidance
  • Perform initial technology due diligence of proposed new vendors and calculate the risk rating as appropriate
  • Conduct annual risk assessment of all existing vendors that integrate with the Information Technology department
  • Collaborate with business areas to determine key vendor dependencies and risks
  • Ensure vendor due diligence questionnaires are completed as appropriate for each new vendor and provide input to RFPs when necessary
  • Document results of due diligence, residual risks, and ensure risks are understood by VMC, the Business Area and applicable Information Technology Management
  • Create and maintain a listing of all vendors that have access to Bessemer data and detail the data type
  • For vendors that have high potential risk, ensure that an action plan exists for remediation activities and work closely with the Business Unit and applicable Information Technology management to mitigate the elevated risk if possible
  • Develop strong relationships with key department heads to ensure vendor risk is understood and managed appropriately
  • 2-6 years’ experience in technology risk management with strong understanding of Vendor Risk Management in a financial services company. Also valuable to have experience in business continuity and operational risk
  • Solid understanding of the banking industry’s regulatory requirements for the managing of third parties (e.g., OCC, FFIEC). CRISC Certification preferred
  • Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times
  • Results oriented with excellent problem solving skills
  • Bachelor’s degree preferred or equivalent experience
7

Information Security Risk Analyst Resume Examples & Samples

  • Support enterprise security awareness program
  • Support the review and evaluation of information security incident reports
  • Support internal/external audits
  • Support third party security inquiries
  • Support and/or prepare risk based input to security awareness campaigns
  • Prepare risk and program reports for senior leadership
  • Prepare and/or develop formal documentation of information security, privacy and IT risk and compliance activities
  • Assist in the completion of information security risk assessments
  • Assist in determining risk profiles from known or suspected threats
  • Assist with the annual review of information security policies and procedures
  • Monitor and report on emerging threats and vulnerabilities
  • Handle highly confidential and sensitive information
  • Demonstrates strong knowledge of risk and controls
  • Demonstrates self to be a logical thinker
  • Demonstrates good understanding of standards and frameworks such as Control Objectives for Information and Related Technology (COBIT), Federal Financial Institutions Examination Council (FFIEC), International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), or Information Technology Infrastructure Library (ITIL)
  • Strong knowledge in identifying and assessing Information Security risk and development of appropriate strategies to mitigate risk
  • Strong knowledge of risk and controls
  • Understanding of information security regulatory requirements and security awareness
8

Information Security Risk Analyst Resume Examples & Samples

  • Provide oversight and consultation and/or remediation on issues/potential issues that arise within Enterprise Access Administration, Engineering functions and tools, risk control self assessment, and regulatory guidance, as necessary
  • Ensure operational and engineering practices are in compliance with relevant risk standards, policies and regulations to maintain an effective control environment
  • Interface with various internal groups including Operations, Compliance, Risk Managers, Line of Business contacts, internal/external audit and Legal as necessary
  • Experience with operational risk analysis, process improvement, end-to-end business process mapping and reviews, procedure documentation, and development of metrics and reporting
  • Minimum 5+ years experience in access administration, security administration, or similar field
  • Experience performing deep dive control reviews to identify process and control breaks. (Controls awareness experience is a must)
  • Excellent verbal, interpersonal and written communication skills and the ability to develop and maintain strong partnerships with internal and external audit and all levels of management is necessary
  • Strong presentation skills to any level of management
  • Effective PC skills (Excel, Word, Powerpoint, Visio)
  • Ability to work across LOBs and regions, balancing the needs of multiple organizations
9

Information Security Risk Analyst Resume Examples & Samples

  • 10+ years of relevant work experience
  • Extensive background in IT Audit
  • Ability to multitask in a fast-paced environment
10

Information & Security Risk Analyst Resume Examples & Samples

  • Information Risk/Security and Technology background with focus on Governance, Risk and Compliance activities
  • Experience of Information Risk/Security and Technology Risks and Metrics analysis and reporting
  • Experience of Information Risk/Security and Technology Risks frameworks and governance
  • Knowledge of key regulations and industry standards such as ISO 27001&2, NIST SP800-53, NIST Cybersecurity Framework, etc
  • Have industry recognised certifications e.g. CRISC, CISSP, CISA
  • Strong presentation and stakeholder management skills
11

Manager / Information Security Risk Analyst Resume Examples & Samples

  • Collaboratively author and edit various risk-related documents, including Risk Profiles, Risk Advisory Memos, Risk Acceptance Memos, exceptions and exemptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities
  • Work with GIS and Technology Division peers to define or refine Standard Operating Procedures (SOPs) to explicitly identify when to invoke CME Group’s InfoSec Risk Adjudication Process
  • Participate in and contribute to various working groups across the Technology Division, including but not limited to the Enterprise Architecture Board, various change advisory boards, Identity & Access Management working group, Data Protection working group, etc
  • Assist the E.D. of GIS Risk Management with
  • Minimum of 5-7 years of experience at director or manager level in publicly traded companies or finance/technology industry operations; OR minimum 7-10 years as a consultant to such companies at a commensurate level
12

Information Security Risk Analyst Resume Examples & Samples

  • Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments. Includes both in house systems and vendor based solutions covering Information Security, Business Continuity and compliance risk
  • Identify and communicate recommended security and business continuity controls and control deficiencies for business units. Document and monitor the implementation of controls for technology and business project plans
  • Review vendor contracts for compliance with Bank security, business continuity and disaster recovery requirements and recommend appropriate language as necessary
  • Develop an overall risk management strategy for new or existing services with key business stakeholders
  • Perform duties & responsibilities specific to department functions & activities
  • Responsibilities include the following: 1) adhering to and complying with all applicable, federal and state laws, regulations and guidance, including those related to Anti-Money Laundering (i.e. Bank Secrecy Act, USA PATRIOT Act, etc.), 2) adhering to Bank policies and procedures, 3) completing required training, 4) identifying and reporting potential suspicious activity to the BSA/AML Officer, and 5) knowing and verifying the identity of any customer(s) that enters into a relationship with the Bank
  • Minimum 4 year college degree required
  • Knowledge and/or experience with LANs, WAN, VPNs, Routers, firewalls, and IDS/IPS systems desired
  • Relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) preferred or the ability to gain a certification within 6 months of hire
  • 3 years of security, information technology or technology risk management related work experience
  • Strong communication & organizational skills, ability to multi-task, strong attention to details, excellent problem solving and follow-up skills required
  • Work independently, make decisions and multi-task effectively in a very diverse, project oriented environment
  • Furthers the First Republic Bank culture and values
  • The ability to learn and comprehend basic instructions; understand the meanings of words and respond effectively; and perform basic arithmetic accurately and quickly
  • Position involves sitting most of the time, but may involve walking or standing for brief periods of time
  • Must be able to travel as position requires
13

Information Security Risk Analyst Resume Examples & Samples

  • Conducting information security assessment of information systems as per our methodology
  • Identify, document and communicate key control deficiencies to stakeholders
  • Assisting stakeholders with recommendations to address key control deficiencies
  • Evaluating management responses to ensure remediation tasks adequately address identified gaps
  • Maintaining familiarity with industry trends and security best practices
  • Contributing to the teams’ continuous improvement efforts
  • 1) Adhering to and complying with all applicable, federal and state laws, regulations and guidance, including those related to Anti-Money Laundering (e.g. Bank Secrecy Act, USA PATRIOT Act, etc.), 2) adhering to Bank policies and procedures, 3) completing required training
  • Validate evidence, before identified risks are closed
  • Escalate issues to management as needed
  • At least 2 to 5 years’ experience in risk assessment and information security practices
  • Experience with large complex financial institutions or another highly-regulated industry
  • Understanding of the compliance requirement framework such as GLBA, SOX, PCI, HIPAA, etc.
  • Background engaging with both internal and external audit functions
  • Ability to identify, interpret and apply IT controls in changing environments
  • Familiarity with one or more of the following areas is highly desirable
14

Information Security Risk Analyst Resume Examples & Samples

  • Interpret and apply IT controls in an enterprise environment
  • CIA
  • Other relevant professional certifications
15

Senior Information Security & Risk Analyst Resume Examples & Samples

  • Perform security assessments of large, complex internal IT projects based upon NIST 800-53
  • Knowledge of Information security control frameworks
  • Strong critical thinking skills; ability to quickly comprehend problems, develop hypotheses, draw logical conclusions, develop solutions, and respond accordingly
  • Formal Information Security education or certification, such as CISSP, SANS/GIAC, Information Assurance, etc
  • Enterprise IT infrastructures, configuration, and management
  • Secure Software Development Life Cycle principles
16

Information Security Risk Analyst Resume Examples & Samples

  • Ensures strategic objectives of the risk management program are met including the execution of risk assessment activities, coordination of risk response and program testing and validation
  • Reviews significant events and advises business owners of action steps required to prevent future recurrence
  • Performs risk assessments related to the Data Protection Program, Supplier Management, and Enterprise Risk Management (ERM) programs along with consulting projects throughout various risk disciplines at FIS while identifying potential issues, control gaps, and potential process efficiencies
  • Documents risk analysis and controls and evaluates control design and continuous control improvement
  • Manages areas of exposure
  • Conducts regulatory and other assessments for the Corporation
  • Participates in projects designed to mitigate risks including generating action plans for issues/gaps
  • Tracks, coordinates, and resolves issues identified in and related control, compliance, or risk work
  • Requires varied interpersonal and technical skills
  • Project-oriented and may require a significant amount of overtime at critical times
  • Possesses outstanding interpersonal, communications (both written and verbal), and human relations skills
17

Information Security Risk Analyst Resume Examples & Samples

  • Perform security risk assessments (SRA) according to the client's SRA framework and IS standards
  • Document identified IS risks to incorporate relevance and impact to the client's systems, infrastructure and business process
  • Understand and communicate how vulnerabilities can be exploited within technology and the client's environment in a manner that resonates with the business areas
  • Assist in identifying and communicating application control deficiencies and the associated risks
  • Research and maintain knowledge base regarding information security issues, solutions and potential implications for the client
  • Communicate effectively orally and in writing and express conclusions and recommendations in a clear, technically sound manner
18

Information Security Risk Analyst Resume Examples & Samples

  • Perform duties and responsibilities specific to department functions and activities
  • Performs other duties and responsibilities as required or assigned by supervisor
  • Strong communication and organizational skills, ability to multi-task, strong attention to details, excellent problem solving and follow-up skills required
19

Information Security Risk Analyst Senior Resume Examples & Samples

  • Develops and maintains knowledge of regulatory requirements
  • Performs other related duties assigned as needed
  • This position requires 50% overnight travel
  • Strong analytical, organizational, and communications skills required
  • Ability to establish and maintain effective working relationships with employees, vendors, clients, and public
20

Information Security & Risk Analyst Resume Examples & Samples

  • Participate in cyber incident detection, investigation and response
  • Conduct risk analyses on new vendors, software, services & projects
  • Support risk mitigation efforts of the Information Security group, primarily through technical support of the procedures established to safeguard information assets
  • Provide proactive security awareness efforts
  • Provide backup support for Disaster Recovery
  • University degree in computer science or equivalent
  • Minimum of 2 years’ experience in Information Security or Information Technology
  • Excellent knowledge of security methodologies, standards and best practices as applied to information systems environments
  • Understanding of encryption technologies and protocols is an asset
21

Senior Divisional Information Security Risk Analyst Resume Examples & Samples

  • Contribute/maintain documentation for the enterprise business continuity and disaster recovery program and associated plans
  • Perform infrastructure risk analysis for corporate functional areas to identify points of vulnerability and recommend disaster avoidance and impact reduction strategies
  • Establish disaster recovery exercise (testing) methodologies
  • Coordinate with internal customers and external clients to ensure that the business unit is following standard compliance policies
  • Serve as an internal resource for risk, business continuity and disaster recovery related issues
  • Engaging various internal and external resources as needed
  • Contribute risk related documentation and input for internal, 3rd party, and vendor risk assessments
  • Maintain the continuous risk monitoring and assessment functions
  • Contribute to the maintenance of the enterprise risk register
  • Assist in client due-diligence activities (questionnaires, on-site audit/assessments, etc.) as needed
  • Assist in the preparation of information security assessments for request for proposals (RFP) and for existing clients as needed
  • With the assistance of the Risk Manager, identify, analyze, and evaluate risk through the use of an assessment methodology and procedures for the company’s assets, relationships, processes, and functions associated with IT risk
  • Minimum 3 years of Information Technology auditing, Business Continuity Planning, Information Risk Management
  • Minimum 2 years’ experience in an IT operational role directly interfacing with clients/ customers preferred
22

Senior Information Security Risk Analyst Resume Examples & Samples

  • Work with business, IT and Infrastructure and Infrastructure security teams to Implement Security controls into the project according to the AXA information security policy standards
  • Identify and evaluate Information Security risks and provide risk mitigation solutions and plans
  • Manage the control tower of AXA group Solution in order to design, perform, execute and escalate security anomalies and incidents
  • Advise project team to perform Application threat modelling and coordinate other security activities such as pen test and code reviews
  • Accompany application security initiative and implement security in Project Development Life Cycle (which includes Software Development Life Cycle)
  • Take the corrective action needed to meet the standards required by security policy, procedures, network architectures and software design
  • Ensure a seamless response to the needs of business units, IT managers, and local and Group security managers
  • Expertise in Security Architecture design, SSDLC, Security testing
  • Expert knowledge of networks and how to secure them
  • Expertise in analysing and configuring network security: network firewall or L7, IPS, IDS, etc
  • Expertise in data encryption: storage, transfer via a network
  • Expert knowledge of access control mechanisms: authentication, authorisation, etc
  • Ability to audit vulnerabilities and mitigate risks
  • Expertise in managing and protecting systems against threats
  • CISSP, CISA, GCIH or GPEN certification would be a plus
  • Excellent communication skills (spoken, written)
  • Ability to interact in a global business and multi-cultural environment
  • Autonomous and be able to propose new approaches
  • Good written skills in general
  • Rigorous, organized and accurate
  • Good analysis and synthesis skills
23

Senior Information Security Risk Analyst Resume Examples & Samples

  • 5+ years Information Security experience, at least half of which is large enterprise environment experience
  • 3+ years direct experience with Security Risk Management programs/processes
  • Knowledge of security risk management frameworks and standards
  • Familiarity and experience with Enterprise Risk Management is a plus
  • CISSP and/or CISA/CISM certification a plus
24

Divisional Information Security Risk Analyst Resume Examples & Samples

  • Maintain and execute corporate and departmental Information Technology (IT) security policies and programs
  • Conduct on-site and remote IT assessments and IT policy/compliance audits company-wide ensuring audit schedule is met
  • Participate in ensuring the assigned business segment meet legislative requirements, industry standards, and client audits
  • Manage projects
  • Maintain Risk registers
  • Security exceptions
  • Risk management, Disaster Recovery, Business Continuity Planning
  • IT audit methodologies, risk management practices, business continuity planning and disaster recovery or incident management
  • Minimum 3 years knowledge of network perimeter security, intrusion detection systems, firewalls, routers, network segmentations, network data vaults preferred
  • Minimum 1 year experience implementing controls required by Data Privacy Legislation
25

VP-information Security Risk Analyst Resume Examples & Samples

  • Define, improve and maintain the Information Security Risk framework
  • Ensure alignment with the regulatory requirements and Group internal requirements for the management of IT and Information Security risks (FFIEC handbook, etc.)
  • Ensure a clear process is defined and followed for security risks, identified via different parties / processes, to all be tracked consistently within a single portfolio
  • Coordinate, track and follow-up with stakeholders for risk acceptance, risk mitigation and risk resolution
  • Provide regular reports, and ad-hoc escalation, for security risk management
  • Manage recommendations assigned to the Information Security department in a similar way, for tracking, following up and reporting
26

Information Security Risk Analyst Resume Examples & Samples

  • Work with Client Application owners on the approval of Technology Risk exceptions
  • Perform metrics reporting of the volume of security exceptions and other key Risk indicators from the Information Security Risk and Advisory Services team
  • Support the team by participating in projects, creating spreadsheets and documentation, attending meetings, and writing routine security exceptions
  • Help produce team metrics of volume of Security open exceptions, expired exceptions and volume of retired exceptions
  • Assist in developing and maintaining processes and procedures for team functions that include the Security exception process, application assessment process, and business application residual risk assessment process
  • Perform basic security exceptions for non-complex applications, and small projects
  • Manage the security exception renewal process by identifying exceptions before they expire and working through a process to either renew or resolve the exceptions
  • Interact with Information Services, identifying security gaps and/or alignment issues to Information Security Policy
  • Communicate to clients on timing of expired exceptions and explain the deficiencies outlined in the exceptions
  • Bachelor's degree from an accredited university and 4 years' experience or 7 years of technical work experience
  • 3 years Information Technology Background
  • 3 years' experience in supporting or designing technology infrastructure
  • 1 year of experience working in the area of Information Security Risk or Third Party Risk
27

Information Security Risk Analyst Resume Examples & Samples

  • Conduct risk assessments on Information Technology, Information Security, Third Party Vendor, and other relevant company risks, recommend mitigation strategies, and work with internal stakeholders to assign monitoring responsibility
  • Run the Company’s security metrics program: define, gather, and report on key risk indicators and key performance indicators
  • Author and update Information Security Policies
  • Maintain the Company’s Risk Register and communicate risk to management
  • Interpret risk and compliance requirements and translate into actionable and sustainable implementations
  • Build and nurture positive working relationships with internal customers with the intention to exceed customer expectations
  • Generate innovative ideas and challenge the status quo
  • Minimum of 5 years of IT or information security risk management and advisory experience, with 3+ years of information security, compliance, or controls experience
  • Well-versed in various information security and risk frameworks/standards (ISO 31000, ISO 2700x, NIST 800 series, etc)
  • Broad base of knowledge across a variety of compliance and control frameworks (SOC, ISO, PCI, CSA STAR, etc)
  • Well-versed in risk analysis methodologies, such as NIST, OCTAVE and FAIR
  • Familiar with a broad range of technical concepts: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
  • Ability to grasp complex issues quickly and have strong critical thinking, analytical skills, and problem-solving skills with a high attention to detail and accuracy
  • BA/BS in Information Technology, Business Administration, Economics or related field
  • Professional certifications such as CISSP, CISM, CISA, or CRISC
  • Financial Services or Technology experience
28

Information Security Risk Analyst Resume Examples & Samples

  • Monitoring of computing platform compliance with security policies and directives
  • Assist with business job role creation, maintenance & access review
  • Advise on information security policies, industry standards, best practices, and strategies
  • Conduct reviews of business partner security controls
  • Conduct and report on various Information Security audits
  • Provide backup support for Disaster Recovery and Business Contingency Event Management
  • Minimum of 3 years’ experience in Information Security or Information Technology
  • Proficient in UNIX and Windows operating systems as well as working knowledge of Database security
  • Understanding of an array of enterprise-wide information systems and how network, application and host-based security work together to protect information assets
  • Good understanding of systems development life cycle, Internet application security best practices
  • Programming/Scripting knowledge/experience (e.g. Perl, UNIX shell, Windows PowerShell, Excel VBA and SQL)
  • Experience with SIEM (ArcSight) Administration is an asset
  • Understanding of network technology and protocols is an asset
29

Information Security Risk Analyst Resume Examples & Samples

  • Conduct formal risk assessments to identify, assess, and measure information security risks for systems, facilities, networks, projects and third parties
  • Prepare risk assessment reports to support management action, escalation and risk acceptance processes resulting from risk assessments
  • Identify opportunities to improve risk posture, proposing solutions for remediating or mitigating risks and assessing the residual risk
  • Support with global implementation and maintenance of ISMS across the Sony Group
  • Minimum of 2 years of combined risk management, risk consulting, and information security work experience
  • Bachelor’s degree, preferably in Computer Science or a related field, Law or Management, or other equivalent experience
  • Broad knowledge of information security
  • Experience with eGRC tools
  • Able to manage multiple projects simultaneously, with strong ability to prioritize multiple tasks
  • Ability to travel domestically and internationally as required, up to 10%
  • All candidates must be authorized to work in the USA
30

Information Security & Risk Analyst Resume Examples & Samples

  • Minimum of a Bachelor's Degree in Information Technology, Computer Science, Information Security, or related discipline required
  • Minimum 3-5 years of experience working in an information security function
  • Familiar with industry standard information security and IT governance standards and frameworks, such as IEC/ISO27001, COBIT, NIST Cyber Security Framework
  • Working knowledge of network security, including firewalls, load balancers, web application firewalls, and other similar network security components
  • Working knowledge of various AWS services (EC2, ELB, WAF, S3, EBS, etc.) with a strong desire to continue to work towards becoming a subject matter expert in AWS cloud security
  • Working knowledge of network protocols, components, and technologies, such as hubs, routers, switches, vLAN, VPN, WAN, wireless networking, HTTP/HTTPS, SSL/TLS…and so on
  • Working knowledge of encryption methods and technologies
  • Working knowledge of application development platforms, technologies, and architecture
  • Working knowledge of project management principles
  • Ability to think critically, analyze complex systems, and propose solutions to complex problems
  • Competent, effective verbal and written communication skills
  • CISSP, CISM, CISA, or GIAC certification preferred. If candidate does not possess an information security or related certification, a desire to pursue attainment of certification is required
31

Junior Information Security Risk Analyst Resume Examples & Samples

  • 3-5 years’ experience in an information security or risk management role
  • Experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols
  • Hands-on experience with commercial and open-source network and application security testing tools
  • Knowledge of industry leading guidance e.g. NIST CSF, ISO or COBIT is preferred
32

Information Security Risk Analyst Resume Examples & Samples

  • Perform application risk assessments within our Security Risk Management program. Includes both in house systems and vendor based solutions covering Information Security
  • Identify and communicate recommended security controls and control deficiencies to stakeholders
  • Perform duties and responsibilities specific to department functions & activities
  • Responsibilities include the following
  • Minimum of 3 years work experience in application security assessments, including Operating Systems, Web, and Database platforms
  • Strong understanding of common operating system, database, and web vulnerabilities
  • Relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) preferred
  • General understanding of security best practices for Windows, UNIX, Linux, and overall system hardening techniques
  • Strong understanding of system and network architecture
  • Excellent knowledge of secure transmission of data
  • Experience with vulnerability scanning tools (e.g. Qualys, Nessus, Nexpose, Symantec CCS, DB-Protect) and analyzing results
  • Experience with web application vulnerability scanning tools (e.g., HP Webinspect, NTO Spider) and analyzing results
  • Knowledge of OWASP tools and methodologies a plus
33

Information Security Risk Analyst Resume Examples & Samples

  • Delivers support for the Security Assurance for the Federal Reserve (SAFR) program based on NIST controls. Consults with information systems owners to categorize systems; select, implement and assess controls; and frame, assess and monitor risk. Maintains risk management documentation to monitor lifecycle progress, track acceptance decisions and catalog remediation actions
  • Responsible for information security preparedness, policies, practices, and identifying and mitigating information security risks to applications, systems, infrastructure, and data on behalf of Fifth District and National Product Office business areas
  • Enforces information security policies and procedures by administering, and monitoring security reports; reviews SAFR documentation; and investigates possible security exceptions
  • Provides consultation and facilitation support services to Fifth District and National Product Offices in information security matters, compliance with the Security Assurance for the Federal Reserve (SAFR) policy and other control mechanisms used by the Bank
  • Assists in department self-audit, internal audit, external audit reviews, and risk assessments for the department and for end user departments
  • Participate in IT security assessment of supplier (3rd party vendors and cloud services) and develop recommendations to improve security and mitigate security risks
  • Delivers information risk management services including risk assessments (ARAPS) for new and existing Information Technology (IT) automation products and projects
  • Defines and maintains information security non-compliance (exception) review and approval processes; provides recommendations on information security non-compliance situations
  • Assists in the execution of SOX (COSO) compliance activities by testing, collecting, and reporting results to management
  • Working knowledge applying risk management frameworks such as NIST and FISMA
  • Knowledge of regulatory compliance initiatives related to Sarbanes Oxley/SOX (COSO control framework)
  • Working knowledge of GRC automated tools (e.g. RSAM)
  • Demonstrates knowledge of the Fifth District and National Product Office’s businesses and applies this knowledge to initiatives in assigned areas of responsibility (e.g. COSO/FISMA/SAFR/NIST)
  • Intermediate knowledge of risk management policies, initiatives, and procedures
  • Knowledge of information security fundamentals, and information security policies and procedures
  • Excellent oral and written communication skills, as well as the ability to convey technical and security related issues to business audience
  • Proficient in the design and implementation of effective IS controls
  • Evidence of ability to create new processes to improve security and compliance with minimal oversight
34

Information Security Risk Analyst Senior Resume Examples & Samples

  • Information Security Policy Management – Supports the development and maintenance of corporate Information Security related policies and procedures
  • Risk Assessments – Supports the development and maintenance of the Bank’s Information Security (GLBA) Risk Assessment in compliance with Regulation H. Works with Information Security management to ensure Information Security policies and procedures appropriately mitigate the identified risks related to regulatory compliance (GLBA, PCI, HIPAA), application and vendor Security Risk Assessments
  • Security Awareness Training – Support the development and execution of training and awareness strategy for annual, monthly and ad-hoc training across all lines of business. Promote Information Risk and security awareness through training, information risk/security awareness days, and other related activities such as annual training, month awareness campaigns, ad-hoc training and other awareness activities
  • Penetration Testing and Network Security Assessments - Performs risk analysis, attack simulation, application-level automated & manual white box and black box penetration testing of production and corporate environments
  • Authors detailed and articulate penetration test reports, including prescriptive recommendations for remediation options
  • Report results from standard, regulatory, and ad-hoc risk assessments to Information Security management, business owners, and Information System sponsors. Provide additional metrics as required based on analysis of internal and external trends and threats
  • Monitor industry developments and trends that affect the Bank through trade and other publications, seminars and conferences
  • “LIVE” the Bank’s Mission Statement and “PRACTICE” the Bank’s Corporate Strategy
  • Strong project management skills especially in the areas of systems development, acquisition, and implementation
35

Information Security Risk Analyst Resume Examples & Samples

  • Identifies opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios
  • Facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation & reports findings
  • Develop and maintain metrics and key performance indicators (KPIs) for the risk process
  • A broad knowledge of information security principles, must remain current on related laws, regulations, and industry standards. Significant understanding of NIST, ISO27002 and COBIT
  • Able to successfully prioritize and manage to completion multiple complex tasks and deliverables
  • Bachelor's degree in Computer Science, Management Information Systems, Cybersecurity or related field
  • Minimum of 3 - 5 years of IT security or information security experience
  • CRISC, CISSP, CISM or related certificate preferred
36

Information Security Risk Analyst Resume Examples & Samples

  • Metrics and Reporting
  • Participate in and influence information risk assessment process improvement
  • Schedule and perform information risk assessments using internal methodology; identify, document and communicate control deficiencies in business processes and technology systems
  • Work with the business and technology to agree cybersecurity risk findings identified through the risk assessment process
  • Provide risk remediation recommendations that the business and technology may implement to mitigate identified control gaps
  • Partner with business and IT to ensure that risks are clearly articulated in a manner that is understood by business and technology audiences
  • Evaluate management responses to ensure that remediation plans and tasks adequately address identified control gaps
  • Document risk issues in the internal designated risk register
  • Assist the business and technology groups through the internal process for policy exceptions and risk acceptance
  • 5+ years of risk assessment experience in one or more areas: application, infrastructure, vendor risk management
  • Financial Services Industry experience a plus but not required
  • Proficiency with Information Risk Management best practices
  • Proven knowledge of technical infrastructure, networks, databases and systems as they relate to cybersecurity risk
  • Proven knowledge of security methodologies, policies, standards and best practices
  • Proven knowledge of information technology systems, infrastructure and operations
  • Ability to explain and articulate technical concepts using both technical and non-technical language
  • Critical thinking and analytical skills
  • Excellent presentation skills (MS PowerPoint)
  • Ability to manipulate data in a spreadsheet (MS Excel)
  • Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives
  • Excellent organizational skills, coupled with ability to be versatile and flexible
  • Sound business judgment and the ability to work successfully with all levels of management
  • Excellent grammar and style skills; ability to adapt writing style for different audiences and media
37

Information Security Risk Analyst Resume Examples & Samples

  • Ability to write technical security policy, procedure and standards documents
  • Pursuing a Bachelor’s or Master’s degree in computer science, information security, information technology, or other engineering discipline
  • Ability to prioritize and multitask in a fast-paced, demanding environment with competing deadlines and strong attention to detail
  • Working knowledge of network security, encryption methods, application development platforms, technologies, security architecture and overall information security concepts
  • Working understanding of information security risk management and performing information security risk assessments
  • Familiarity with recognized Information Security governance standards and frameworks such as ISO-27001 and NIST 800-53
38

Information Security Risk Analyst Resume Examples & Samples

  • Ability to assess security incidents or risks, gather needed information, and find appropriate solutions
  • Ability to analyze current processes and use judgment to recommend new and innovative processes
  • Knowledge of best practices, HIPAA, HITECH, and other regulations
  • Ability to manage small projects and implementations with limited supervision
  • Computer, network, and system knowledge and skills with a thorough understanding of security controls
  • Ability to communicate effectively and document processes
  • Ensure the appropriate level of information security is utilized based on industry standards, best practices, HIPAA, HITECH, and other regulations by developing repeatable processes to identify, evaluate, and measure IT security risk
  • Assist in the development and review of security policies, procedures, and standards
  • Perform IT security risk assessments of both new and existing in-house and vendor-based systems. Recommend, design, and construct risk/security metrics, policies and standards
  • Manage the remediation of audit and security review findings and recommendations