Security Risk Analyst Job Description
Security risk analyst
provides information security risk assessment and management services to the organization in coordination with Business Security Officers, information security governance, and other security functions.
Security Risk Analyst Duties & Responsibilities
To write an effective security risk analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included security risk analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Document and communicate with business and IT regarding security risks and deficiencies
Assess the adequacy of a vendor's security program to safeguard data
Focus on developing and improving security processes, assisting in metrics development, both within the technology and business organizations
Serve as advisors to the business by ensuring an ongoing awareness of identified risks
Utilize expertise to identify evolving security threats and provide in-depth understanding of "if, how, and when" they should be addressed
Evaluate and assess supplier criticality and review changes in scale and scope of services contracted with supplier for material impact
Manage, monitor and track third party compliance to the Third Party Risk Management Program
Monitor all applicable risk assessments are completed in the appropriate timeframe based on third party risk tier
Individual judgment and decision making will be exercised to determine applicability of certain questions on various assessments based on the vendor service and vendor risk
Conduct ongoing security assessments to ensure appropriate controls are in place
Security Risk Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Risk Analyst
List any licenses or certifications required by the position: CISSP, CISA, CISM, CRISC, CGEIT, SANS, CRCM, NCCO, CIA, CBCP
Education for Security Risk Analyst
Typically a job would require a certain level of education.
Employers hiring for the security risk analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Collage Degree in Computer Science, Information Systems, Information Security, Management, Information Technology, Business, Education, Engineering, Cyber Security, Applied Mathematics
Skills for Security Risk Analyst
Desired skills for security risk analyst include:
Databases and operating systems
Data security fundamentals and best practices with prior responsibilities of protecting information assets
Information security fundamentals
Best practices and industry standards with prior responsibilities of protecting information assets
Secure coding principles
Awareness and Education
Information Risk
Security Governance
Security Strategy
Cyber security risk management concepts
Desired experience for security risk analyst includes:
Strong physical security background and working knowledge of access control systems, CCTV and intrusion/detection systems used in the financial sector (specifically retail and corporate banking locations)
Mentoring and coaching other individuals to impart knowledge transfer, quality control, skills development and career growth
Post-secondary education in a security/law related or risk management discipline
Professional designation in security management
Assess the adequacy of a vendor's security program to safeguard
Knowledge of key regulations and industry standards such as ISO 27001&2, NIST SP800-53, NIST Cybersecurity Framework
Security Risk Analyst Examples
1
Security Risk Analyst Job Description
Job Description Example
Our innovative and growing company is looking for a security risk analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for security risk analyst
- Oversees the risk acceptance process across the enterprise to ensure risks are documented and accepted at the correct levels of the organization
- Assists business partners with completing risk assessments and ensuring the correct documentation is captured to support the risk assessment process
- Manage suppliers accountable for deliverables for risk management planks
- Conduct research on regional security concerns
- Work with the Threat Services team to create Operational Risk Assessments
- Help the Sr
- Provide research, analysis and guidance on management, operational and technical security requirements and solutions for business initiatives
- Assist the CISO and Information Technology associates in defining security requirements for select vendors and systems
- Evaluate new and existing suppliers for appropriateness of security requirements and compliance against contractual requirements
- Manage and improve the Supplier Trust Portal
Qualifications for security risk analyst
- Bachelor’s degree or higher in an IT or risk management related field
- Minimum of 8 years of experience working in security (physical or cyber)
- Minimum of 3 years of experience with risk assessments, audit or control testing
- Successful candidate must possess strong logical, critical thinking and problem solving skills
- Strong application security knowledge
- 1+ years of experience with MS Office Suite and programs to include Word, PowerPoint, Excel, Outlook, InfoPath, SharePoint
2
Security Risk Analyst Job Description
Job Description Example
Our company is growing rapidly and is looking for a security risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for security risk analyst
- Influencing, strengthening and administering security awareness in the organization
- Structuring awareness program based on influence from NIST 800-50
- Exposure to industry standard Risk Assessment approaches such as NIST 800-30
- Ability to drive assessments through interviews and relationships to understand and quantify appropriate risks
- Participates in projects and assessments on risk determination for vendors, systems, applications and controls
- Ability to identify, quantify and communicate risk to customers with a wide variety of backgrounds (technical and business)
- Reach out to business application owners to discuss and assign a Data Risk Classification (DRC) for new applications
- Collaborate with members of the ISG organization and key stakeholders to assign a Data Risk Classification to all legacy applications
- Assist the Senior Information Security Specialist with administrative activities as it relates to data entry of information security technology and vendor assessments
- Present findings and assessment to business owners third party vendor
Qualifications for security risk analyst
- CISSP or CISA highly preferred
- Information Security auditing
- Bachelor degree in Business, Criminology, Engineering, Mathematics, Statistics, Computer Science or any relevant field
- Must be able to attain a Canada Security Clearance Level II (Secret)
- Knowledge of security industry
- Demonstrated high level of time management, resolution skills and problem solving to achieve objectives
3
Security Risk Analyst Job Description
Job Description Example
Our company is searching for experienced candidates for the position of security risk analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for security risk analyst
- Working with customers to identify security requirements using methods that may include risk and business impact assessments
- Working closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls
- Monitoring risk mitigation and coordinating policy and controls to ensure that other managers are taking effective remediation steps
- Developing and managing security measures for information systems to prevent security breaches
- Participating in security investigations and compliance reviews as requested by external auditors
- Conducting and reports on internal investigations of possible security violations
- Performing security monitoring, analyzes security alerts and escalates security alerts to local support teams
- Support implementing and maintaining continuous process for technical security standards for major 'Client' technologies in accordance with industry best practices
- Partner with global working teams, gather the security requirements to enhance productivity and effectiveness
- Assess and evaluate business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
Qualifications for security risk analyst
- Three to Five years relative experience in Risk Management, Security , Audit and/or in a similar role
- Programming/Scripting knowledge/experience
- Familiarity with security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering
- Proficiency in English and Mandarin is a plus
- Extensive experience in IT and banking, with focus on assurance and IT process, risk management
- Sound knowledge of and experience in banking and finance, including finance and credit
4
Security Risk Analyst Job Description
Job Description Example
Our company is searching for experienced candidates for the position of security risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for security risk analyst
- Provide an advisory role to IT and the Business to specify pragmatic security requirements
- Participate in Audits and help remediate the findings
- Perform security product evaluations
- Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
- Assist in the development of security architecture, security policies, principles and standards
- Provide SME support in the resolution of reported security incidents and provide leadership where required
- Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
- Develop Security awareness material and conduct Security awareness training to Cathay Pacific employees
- Advise on exception-based security requests
- Support implementing and maintaining continuous process for technical security standards for major technologies in accordance with industry best practices
Qualifications for security risk analyst
- Solid knowledge and experience in governance and team management
- Outstanding influencing, organisation and written and oral communication skills
- Inquisitive approach and attention to detail
- Proficiency in the Vietnamese language
- 100% fluent in English & Spanish, Portuguese a plus
- Minimum of 3 years experience working in a security function
5
Security Risk Analyst Job Description
Job Description Example
Our company is growing rapidly and is looking to fill the role of security risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for security risk analyst
- Assist in the continued development and maintenance of an audit database repository to provide accurate and timely content for responses to IT and security questionnaires and surveys
- Assist in the requirements, development and implementation of the ESO/IT audit module within the company's governance, risk and compliance (GRC) tool
- Document procedures for audit administration and coordination for Risk, Policy and Compliance business unit
- Assist in the coordination and documentation of risk assessments for ESO and IT
- Coordinate with various operational and business teams to conduct gap analyses on identified applications for the GDPR initiative
- Coordinate with Project Management to maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders
- Actionable and security compliance process mapping programs to support gap analysis
- Develop a process to ensure websites hosting personal data are identified and adequately protected
- Evaluate and prioritize remediation projects using defined prioritization criteria
- Lead the development of detailed Business Requirements Documents and system Non-Functional Requirements for approved projects and initiatives
Qualifications for security risk analyst
- Security or Risk-related certifications (CRISC, CISSP, CISA)
- Exposure to PCI, FISMA/FedRAMP, Cloud Security Alliance and the STAR program including the CCM and CAIQ
- Priority for those with industry certifications such as CISSP, CISM, GIAC
- 3+ years experience with risk assessment, audit and compliance within frameworks and management standards such as PCI DSS, SOX (Sarbanes-Oxley), ISO27001, NIST 800-53 and NIST 800-171
- Proven compliance, analysis and risk management experience with a focus on information security, information technology and related areas
- Bachelor’s Degree in Business, IT, MIS or a related discipline or equivalent experience in lieu of degree