Job Description :
You can send resume at s a m i r @

Location: Tampa, FL/ Jersey city, NJ
Req. Code 21364
Job Title IT Risk Analyst *V.Urgent
Duration 6 - 9 months
Location Jersey City, NJ /Tampa, FL

Job Description IT RISK ANALYST
Principal Responsibilities
1) Develop and maintain IT Risk Dashboard that provides current IT Risk posture
2) Gain knowledge of existing IT Risk scenarios, when and how to apply them. Enhance/develop new scenarios as appropriate
3) Gain knowledge of existing IT Risk controls, when and how to apply them. Be conversant with the relevant control effectiveness measures for the controls. Enhance/develop new controls as appropriate
4) Develop cost benefit analysis models for applicable assessments and articulate risk in monetary terms
5) Document assessment results in IT Risk register, drive risk management processes such as acceptance, mitigation, avoidance, track action plans and ensure processes are being followed
6) Develop metrics and IT Risk KRIs for specific processes, track, monitor and provide regular reports on the metrics
7) As needed integrate/automate manual IT risk processes with resident IT Risk tools using macros, SQL and scripting. Test and ensure accuracy of information resident in relevant IT Risk data stores
8) Review new regulatory guidelines from SEC, FFIEC, NIST etc. and compare against existing controls, policies and processes. Identify gaps, propose new controls to close gaps and drive creation and adoption of the controls
9) Regularly assess the adequacy and effectiveness of IT controls, security policies, and remediation activities to ensure alignment with organizational risk tolerance, and compliance with laws, regulations, industry mandates, and contractual obligations. Initiate actions to ensure that compliance, security and risk gaps are successfully remediated or mitigated with compensating controls.
10) Document and report status of agreed upon remediation plans, owners and commitment dates
11) Document and maintain IT policies and standards. Ensure exceptions are assessed for risk and documented. Lead and participate in annual policy review processes. Ensure technology teams understand how to deploy, comply with and monitor technology policies and standards.
12) Maintain mechanisms to determine, measure and report to management an accurate view of IT risk, including, but not limited to, repeatable risk identification and evaluation processes, scorecards, surveys, heat maps, and risk register. Provide information risk management consulting to technology teams.
13) Maintain mechanisms to effectively measure and report to management the state of compliance and information security including, but not limited to, control catalogs, compliance requirement matrices, deficiency evaluations, and dashboards. Provide compliance consulting to technology teams.
14) Coordinate and ensure the appropriateness of responses to technology audits and audit-related activities
15) Participate in process improvement initiatives

Experience
1) 10+ years overall business experience
2) 5+ years of Information Technology experience with focus on IT Security/Risk
3) College degree in related technical / business areas
4) Certification in or progress toward at least one designation in an information security, risk, compliance or related discipline (e.g. CISA, CISM, CISSP, CIPP, CIA, CPA, etc.)
5) Prior experience working with diverse, cross-functional, cross-departmental projects and technologies; PMP certification a plus
6) Well-rounded understanding of technology, operations and key business processes
7) Strong interpersonal skills
8) Excellent written and verbal communication skills
9) Intermediate to advanced proficiencies with MS Excel, MS Word, and MS PowerPoint as well as SQL knowledge highly desirable
Knowledge/Skills
1) Demonstrates a high degree of ethics; instills trust and credibility
2) Effectively identifies, collaborates and maintains relationships with relevant stakeholders
3) Portrays strong facilitation, negotiation, and conflict resolution skills
4) Demonstrates superior analytical, writing and presentation skills
5) Translates requirements and risk concepts into relevant and understandable terms.
6) Manages individual workload to deliver with excellence on simultaneous projects and priorities each with tight schedules
7) Experience with GRC tools, especially Archer and Brinqa, will be a plus
8) Familiar with risk and control frameworks, and process improvement models (e.g. Risk IT, NIST RMF, COBIT, COSO, ISO 27002, ITIL, CMM)
9) Experienced in policy development & management
10) Possesses deep knowledge of security technologies

Education, Training or Certification
Advanced degree in a technical discipline preferred
             
