Enforce and help establish the information security and control policies, procedures, and standards while completing risk assessments for research studies and vendors supporting our research teams. Participates in pre-implementation reviews to ensure security requirements and appropriate guidelines and controls are incorporated into the systems being positioned in, around and on the infrastructure. Perform risk assessments of systems, applications and networks to identify weaknesses and ensure the effectiveness of internal controls in reducing risk to information systems. Perform analysis as required on large, disparate data sets to identify malicious activities within the infrastructure. Helps manage and maintain information system security solutions as assigned to ensure their effective use. Investigates and resolves problems and inefficiencies, and enhances the enterprise risk mitigation stance. Utilize the ticketing system to ensure analysis, research and documentation remain consistent.
Assurance: Conduct interviews and assist requesters in onboarding end devices onto the Infrastructure utilizing established processes and procedures, and ensuring security requirements and appropriate guidelines and controls are in place. Train other Sec-Assurance personnel on group processes and procedures. Perform risk assessments for all infrastructure as requested utilizing established tools. Makes recommendations for improvement to the information security program by enforcing policies, mitigating risks and ensuring compliance with regulatory strategies. Leads meetings with multiple infrastructure personnel on security-related matters.
Operations: Monitor, analyze, research and defend against potential security events. Help determine if potential vendors could increase the risk of potential security incidents that may impact the organization. Assist with security incidents to reach containment, retain evidence and improve capabilities for future response.
ESSENTIAL FUNCTIONS OF THE ROLE
Correlate data and reports from different sources, make logical inferences about that data, and be able to publish results. Ability to develop tools and scripts to aid in data processing or other aspects of log and security research.
Perform reviews of vendor engagements, understanding the functions of effective third-party risk and related procurement systems and/or processes.
Make / Implement recommendations for improvements in process and procedures.
Participate in and/or lead projects as requested.
Provide / review recommendations for remediation based on the reviews and risk assessments performed. Prepare reports as requested.
KEY SUCCESS FACTORS
Analytical skills with sound and logical problem-solving capabilities and demonstrated experience.
Experience operating as a part of a GRC program in alignment with common information technology management frameworks such as NIST, CIS, ITIL, ISO 27001, etc.
Demonstrated experience leading risk management workshops, obtaining and synthesizing inputs from technical and non-technical stakeholders throughout the enterprise.
Deep understanding and demonstrated experience of end-to-end risk management lifecycle, including key components and their relationships with internal and external stakeholders.
Critical thinking and strong logic skills.
Written and verbal communication skills; demonstrated ability to effectively explain complex concepts to others in layman's terms.
Ability to work with others in teams and share analysis and collaborate well on problems.
Ability to work efficiently and accurately under pressure.
Self-motivated to identify and resolve issues.
Ability to work on a variety of incidents, work assignments or projects simultaneously.
Deep technical understanding and demonstrated ability to apply security-related knowledge for practical and timely outcomes given the role.
Demonstrates customer-oriented service excellence principles while remaining mission focused.
Mature and in-depth knowledge of Information Security technology and best practices. Knowledge of network protocols, operating systems, attacks, hacking, risk analysis, vulnerability mitigation and general remediation.
BENEFITS
Our competitive benefits package includes the following:
- Immediate eligibility for health and welfare benefits
- 401(k) savings plan with dollar-for-dollar match up to 5%
- Tuition Reimbursement
- PTO accrual beginning Day 1

Note: Benefits may vary based upon position type and/or level
QUALIFICATIONS
- EDUCATION - Bachelor's or 4 years of work experience above the minimum qualification
Baylor Scott & White Health (BSWH) is the largest not-for-profit health care system in Texas and one of the largest in the United States. With a commitment to and a track record of innovation, collaboration, integrity and compassion for the patient, BSWH stands to be one of the nation’s exemplary health care organizations. Our mission is to serve all people by providing personalized health and wellness through exemplary care, education and research as a Christian ministry of healing. Joining our team is not just accepting a job, it’s accepting a calling!