Job Description :
Staff Risk Analyst

Houston, Texas

contract



In the role of Staff Risk Analyst, you will:

Ensure ongoing compliance to policies and standards in collaboration with internal teams
Collect data, produce reports, and provide compliance metrics to leadership
Review existing documentation of IT controls, business processes, policies, procedures, and management reports for effectiveness and sustainability
Execute and manage External and Internal IT Security Audits
Manage remediation plans/corrective actions for any vulnerabilities or compliance failures reported in audits
Participate in the governance of the UCF reporting framework to measure continuous improvement and improve the overall maturity level of IT risk and compliance practices
Governance of the UCF controls matrix, in maintaining alignment with multiple compliance frameworks or compliance programs, including SOC 2, ISO 27001, CSA and GDPR
Management of compliance testing for the ISO 27001/27002 certification programs
Support key business initiatives by identifying security and compliance related risks
Ensure internal compliance activities (including IT, execution of vulnerability scans, annual training, etc.) are executed in a timely manner
Facilitation of SOC reporting reviews and inquiries
Communicate to management, through reports, presentations, metrics and other documentation, the cyber-security risks identified
Work closely with Legal on GDPR compliance and implementation
Perform other duties as required and assigned

Qualifications :

Bachelor’s Degree in Business, Business Administration, IT Management system, and other applicable Information Technology disciplines from an accredited college or university
Significant experience in IT Compliance, IT Risk Management, and/or IT Audit

Desired Skills :

In depth work experience in compliance, privacy, or security risk management
In depth work experience in SAP and/or Oracle related systems
Experience in working closely with Auditors
Experience managing towards a security compliance framework and privacy regulations, such as SOC2, NIST, CSA, GDPR and ISO 27001 and/or detailed familiarity with industry recognized best practices: NIST Cybersecurity Framework, NIST Special Publications, COBIT, ISO 27001, and/or Top 20 Critical Controls
Experience with using Archer GRC
Ability to communicate at all levels with clarity and precision, both in writing and verbally
Excellent problem-solving and critical-thinking skills
Experience creating/updating policies and controls framework
Experience with standards or regulations such as ISO 27001, SOC 2, FedRAMP and HITRUST, NIST 800-XX Frameworks
Able to lead multiple projects with competing priorities and deadlines
Self-starter with strong interpersonal and communication skills who is able to work in a collaborative, team environment
Understanding of GDPR and EU data privacy regulations
CISSP, CRISC, CISM, CISA, CIPP or similar certifications
Strong analytical and problem solving skills, with demonstrated intellectual and analytical rigor
Demonstrates a logical and structured approach to time management and task prioritization.
Ability to work under pressure and adhere to sometimes strict and/or tight deadlines
Self-Motivated
Proven interpersonal, facilitation, negotiation, and problem/resolution skills
MBA or Masters a plus
Project Management Professional (PMP) Certification
Proven ability to lead, motivate and build teams that deliver services and solutions that surpass client expectations
Previous experience participating in the execution of complex projects in challenging environments
Excellent communication, organizational and time management skills with ability to manage multiple priorities and meet deadlines
Analytical and detail
Action oriented and drive results