Information Security Risk Assessment Analyst

Menlo Park, CA 94025

Posted: 06/21/2018 | Employment Type: Contract | Industry: Information Security | Job Number: 22375

Title: Information Security Risk Assessment Analyst
  • Independently perform risk-based security reviews of first and third parties including internal systems, cloud providers, *aaS providers, outsourced vendors, etc.
  • Articulate security findings to internal and external stakeholders including third-party vendors
  • Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits
  • Negotiate acceptance of remediation plans and timelines based on criticality of each finding
  • Participate in the development and oversight of corrective actions relating to security issues
  • Compile and report out security risk and operational metrics
  • Participate in cross-functional, team, and status review meetings
  • Recommend process improvement and strategic initiatives as related to security assessment

  • Must have prior experience with first or third-party security assessment
  • In-depth knowledge of security assessment lifecycle
  • Knowledge of evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly for systems hosted on cloud platforms, for security deficiencies
  • Ability to identify and assess security risks and recommend mitigating controls
  • Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter
  • Good understanding of the various hacking techniques and the defensive countermeasures
  • Good understanding of the threat landscape as related to vendors
  • Good understanding of cloud technology (IaaS, PaaS, SaaS) and the current IT trends in the industry
  • Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences
  • Knowledge and understanding of security controls across all security domains such as access management, encryption, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.
  • Excellent verbal and written communication skills

Other desirable skills & experience
  • Program and project management skills
  • Risk management frameworks and techniques
  • Threat modeling techniques
  • Software development
  • CISSP, CEH certifications
  • Good grasp of NIST, PCI, ISO, and SOC

Education: Bachelor's degree and/or advanced degree with a concentration in one of the following: Computer Science, Management Information Systems, or Cyber Security