Security Risk Analyst Job Description
Security Risk Analyst Duties & Responsibilities
To write an effective security risk analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included security risk analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Security Risk Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Risk Analyst
List any licenses or certifications required by the position: CISSP, CISA, CISM, CRISC, CGEIT, SANS, CRCM, NCCO, CIA, CBCP
Education for Security Risk Analyst
Typically a job would require a certain level of education.
Employers hiring for the security risk analyst job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and College Degree in Computer Science, Information Systems, Information Security, Management, Information Technology, Business, Education, Engineering, Cyber Security, Applied Mathematics.
Skills for Security Risk Analyst
Desired skills for security risk analyst include:
Desired experience for security risk analyst includes:
Security Risk Analyst Examples
Security Risk Analyst Job Description
- Oversees the risk acceptance process across the enterprise to ensure risks are documented and accepted at the correct levels of the organization
- Assists business partners with completing risk assessments and ensuring the correct documentation is captured to support the risk assessment process
- Manage suppliers accountable for deliverables for risk management planks
- Conduct research on regional security concerns
- Work with the Threat Services team to create Operational Risk Assessments
- Help the Sr
- Provide research, analysis and guidance on management, operational and technical security requirements and solutions for business initiatives
- Assist the CISO and Information Technology associates in defining security requirements for select vendors and systems
- Evaluate new and existing suppliers for appropriateness of security requirements and compliance against contractual requirements
- Manage and improve the Supplier Trust Portal
- Bachelor’s degree or higher in an IT or risk management related field
- Minimum of 8 years of experience working in security (physical or cyber)
- Minimum of 3 years of experience with risk assessments, audit or control testing
- Successful candidate must possess strong logical, critical thinking and problem solving skills
- Strong application security knowledge
- 1+ years of experience with MS Office Suite and programs to include Word, PowerPoint, Excel, Outlook, InfoPath, SharePoint
Security Risk Analyst Job Description
- Influencing, strengthening and administering security awareness in the organization
- Structuring awareness program based on influence from NIST 800-50
- Exposure to industry standard Risk Assessment approaches such as NIST 800-30
- Ability to drive assessments through interviews and relationships to understand and quantify appropriate risks
- Participates in projects and assessments on risk determination for vendors, systems, applications and controls
- Ability to identify, quantify and communicate risk to customers with a wide variety of backgrounds (technical and business)
- Reach out to business application owners to discuss and assign a Data Risk Classification (DRC) for new applications
- Collaborate with members of the ISG organization and key stakeholders to assign a Data Risk Classification to all legacy applications
- Assist the Senior Information Security Specialist with administrative activities as they relate to data entry of information security technology and vendor assessments
- Present findings and assessment to business owners third party vendor
- CISSP or CISA highly preferred
- Information Security auditing
- Bachelor's degree in Business, Criminology, Engineering, Mathematics, Statistics, Computer Science or any relevant field
- Must be able to attain a Canada Security Clearance Level II (Secret)
- Knowledge of security industry
- Demonstrated high level of time management, resolution skills and problem solving to achieve objectives
Security Risk Analyst Job Description
- Working with customers to identify security requirements using methods that may include risk and business impact assessments
- Working closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls
- Monitoring risk mitigation and coordinating policy and controls to ensure that other managers are taking effective remediation steps
- Developing and managing security measures for information systems to prevent security breaches
- Participating in security investigations and compliance reviews as requested by external auditors
- Conducting and reporting on internal investigations of possible security violations
- Performing security monitoring, analyzing security alerts and escalating security alerts to local support teams
- Support implementing and maintaining continuous process for technical security standards for major 'Client' technologies in accordance with industry best practices
- Partner with global working teams, gather the security requirements to enhance productivity and effectiveness
- Assess and evaluate business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
- Three to five years of relevant experience in Risk Management, Security, Audit and/or in a similar role
- Programming/Scripting knowledge/experience
- Familiarity with security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering
- Proficiency in English and Mandarin is a plus
- Extensive experience in IT and banking, with focus on assurance and IT process, risk management
- Sound knowledge of and experience in banking and finance, including finance and credit
Security Risk Analyst Job Description
- Provide an advisory role to IT and the Business to specify pragmatic security requirements
- Participate in Audits and help remediate the findings
- Perform security product evaluations
- Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
- Assist in the development of security architecture, security policies, principles and standards
- Provide SME support in the resolution of reported security incidents and provide leadership where required
- Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
- Develop Security awareness material and conduct Security awareness training for Cathay Pacific employees
- Advise on exception-based security requests
- Support implementing and maintaining continuous process for technical security standards for major technologies in accordance with industry best practices
- Solid knowledge and experience in governance and team management
- Outstanding influencing, organisation and written and oral communication skills
- Inquisitive approach and attention to detail
- Proficiency in the Vietnamese language
- 100% fluent in English & Spanish, Portuguese a plus
- Minimum of 3 years experience working in a security function
Security Risk Analyst Job Description
- Assist in the continued development and maintenance of an audit database repository to provide accurate and timely content for responses to IT and security questionnaires and surveys
- Assist in the requirements, development and implementation of the ESO/IT audit module within the company's governance, risk and compliance (GRC) tool
- Document procedures for audit administration and coordination for Risk, Policy and Compliance business unit
- Assist in the coordination and documentation of risk assessments for ESO and IT
- Coordinate with various operational and business teams to conduct gap analyses on identified applications for the GDPR initiative
- Coordinate with Project Management to maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders
- Actionable and security compliance process mapping programs to support gap analysis
- Develop a process to ensure websites hosting personal data are identified and adequately protected
- Evaluate and prioritize remediation projects using defined prioritization criteria
- Lead the development of detailed Business Requirements Documents and system Non-Functional Requirements for approved projects and initiatives
- Security or Risk-related certifications (CRISC, CISSP, CISA)
- Exposure to PCI, FISMA/FedRAMP, Cloud Security Alliance and the STAR program including the CCM and CAIQ
- Priority for those with industry certifications such as CISSP, CISM, GIAC
- 3+ years experience with risk assessment, audit and compliance within frameworks and management standards such as PCI DSS, SOX (Sarbanes-Oxley), ISO27001, NIST 800-53 and NIST 800-171
- Proven compliance, analysis and risk management experience with a focus on information security, information technology and related areas
- Bachelor’s Degree in Business, IT, MIS or a related discipline or equivalent experience in lieu of degree