|Title:||Security Risk Analyst|
Position: Security Risk Analyst
Location: Chattanooga, TN 37402
Duration: 6 months (Extension possible)
Really looking for someone that understands FAIR (Factor analysis of information risk). Must be critical thinker, not just tell me how many widgets to punch. An actuarial with a security background would be interesting to talk with.
• Bachelor's degree in Computer Science, Information Systems or a related field or equivalent work experience.
• Must demonstrate knowledge and experience in Information Security Risk Management, Compliance and Governance
• 2 years of relevant, information security experience in Governance, Risk, and Compliance programs or similarly a related field with similar job duties - required. Knowledge and experience with applicable Information Security Authoritative Sources (legislation, business regulators, and audit standards) including:
• HIPAA • CMS (Centers for Medicare & Medicaid Services)
• PCI (Payment Card Industry)
• MAR o SSAE 16 o GLBA Knowledge and preferred experience with Information Technology, Security, and Service Management Frameworks including: • FAIR • COBIT • ITIL • NIST • FIPS • ITSM •
Knowledge and experience with information systems infrastructure and applications.
• Professional certification including CISSP, CISM, CISA, GIAC, CRISC or similar security certification.
• Analytical, troubleshooting and problem resolution skills.
• Ability to evaluate and test new techniques and technologies.
• Excellent written and oral communication skills.
• Excellent relationship and team building skills.
• Ability to communicate technical concepts in individual, group, and large audience settings.
• Ability to interact and be a liaison with multiple departments.
• Ability to build a business case for change and influence decisions
• Ability to complete tasks timely and within scope.
• Ability to develop trust with peers in information security
• Ability to build new initiatives appropriate to Information Security Governance, Risk, and Compliance.
Supports the risk identification and management process across all aspects of the enterprise. Responsibilities include assessing the current adequacy of the security strategy and controls, threats to the systems, and then calculating the impact of potential adverse events on company assets. Risk assessments must be continual, as the threat profiles change constantly. The Analyst will keep executive management up to date on the results of the risk assessment and make recommendations for mitigations, or projects, to protect their systems or cover potential losses. Conducts projects related to compliance, control assurance, risk management, security, and infrastructure/information asset protection. Works on IT risk assessments for one or more IT functional areas (e.g., I&O, AppDev, BE) across the enterprise. Develops security solutions for low to medium complex assignments. Develops security solutions for low to medium complex assignments. Works on or observes Information Security Risk Assessments or projects as assigned.
Apply to Job