Career Center



Job Details

Title: Lead Security Risk Analyst
Location: Alpharetta, GA

Position: Lead Security Risk Analyst
Client: TSYS
Location: Alpharetta, GA
Duration: Perm
Salary: $80,478–$135,398 / yr

Summary of This Role
Works throughout the software development life cycle and performs in a utility capacity to create, design, code, debug, maintain, test, implement and validate applications with a broad understanding of a variety of languages and architectures. Analyzes existing applications or formulates logic for new applications, procedures, flowcharting, coding and debugging programs. Maintains and utilizes application and programming documents in the development of code. Recommends changes in development, maintenance and system standards. Creates appropriate deliverables and develops application implementation plans throughout the life cycle in a flexible development environment.

Serve as a Subject Matter Expert in the area of code development to address security vulnerabilities identified through various code scanning practices, such as static, dynamic, and open source scanning.
Lead the onboarding and implementation of digital and distributed applications onto code scanning tools, such as AppScan, White Hat, Black Duck, SonarQube.
Provide engineering and technical assistance to support vulnerability scans, penetration testing, vulnerability analysis, scan analysis, and/or security analysis.
Actively collaborate with developers to remediate and close vulnerabilities. Drive remediation activities from identification through remediation plan and closure. Hold owners accountable for delivery of the remediation solution within the agreed upon/reasonable SLA.
Perform IT risk assessments that address security threats, and other changes to systems and/or applications to ensure appropriate controls are in place.
Work with various operational and business teams to drive toward a cohesive view of IT risk and drive remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders.
Establish and maintain IT metrics and reporting.  Develop and manage the automation of KRIs and KPI reporting that align with operational/business risk areas and corporate risk.
Act as the IT risk management ambassador to internal customers and communicate succinctly to external customers (i.e. Auditors) when necessary. 
Use defined risk methodologies and best practices to perform IT risk assessments. Responsible for the planning, scoping and execution of these assessments.
Develop actionable and agile IT risk compliance programs to support various compliance regulations.

Extensive developer experience in Java, JavaScript.  Python also a plus.
Ability to assess security risk, controls, and compliance in a variety of situations, architectures, and solutions.  Experience with controls definition, development, implementation and assessment.
Knowledge of IT security principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy (i.e. GDPR).
Functional knowledge of applicable security regulatory requirements (SOX, GDPR).
Functional knowledge of ISMS governance models (e.g., ISO, NIST), information security roles, IT security controls.
Functional knowledge of common security certifications (e.g., ISO 27000 series, SOC1, SOC2, PCI DSS) and ability to remediate findings identified in these reports.
Ability to communicate risk methodologies and concepts.
Strong understanding of industry frameworks and best practices (e.g. NIST, ISO, OWASP, CIS, etc.).
Strong interpersonal skills and ability to work effectively with diverse and distributed teams.
Strong attention to detail, strong organizational skills.
Occasional travel may be required; less than 10%.
Must have working knowledge of statistical methods, design history file contents and risk management practices.
GRCP, CISM, CISSP, PCIP, ISA, or equivalent certifications preferred.
What Are We Looking For in This Role?

Minimum Qualifications
BS in Computer Science, Information Technology, Business / Management Information Systems or related field
Typically a minimum of 6 years of professional experience in coding, designing, developing and analyzing data. Typically has an advanced knowledge and use of two or more opposing front / back end languages / technologies from the following, but not limited to: two or more modern programming languages used in the enterprise; experience working with various APIs and external services; experience with both relational and NoSQL databases.
Preferred Qualifications
BS in Computer Science, Information Technology, Business / Management Information Systems or related field
8+ years of professional experience in coding, designing, developing and analyzing data, and experience with IBM Rational Tools
