Senior Risk Analyst

08th July, 2024

Senior Risk Analyst

For more than three decades, Strategic Data Systems (SDS) has been a software consultancy firm specializing in strategy, technology, and business transformation for Fortune 100 companies, mid-sized firms, and startups. At SDS, we empower our development teams to address our clients' critical business challenges by leveraging cutting edge technologies. If you seek a workplace where your contributions are truly appreciated, then SDS is the company for you. Join us today to work alongside fellow development specialists and become a crucial part of our dynamic and cohesive community.

What You'll Do

• Participate in ongoing reviews of global company's Risk Management Program.
• Contribute to strategic plans supporting program objectives and alignment of technology risk activities across company. Apply quantitative risk valuation models and tooling to inform and support strategic and tactical risk-based decisions.
• Assist in delivering GT Risk Management programs to mitigate technology-related risks.
• Contribute to program governance and processes for identifying, assessing, and responding to risks.
• Collaborate with other GT and corporate processes (M&A, JV, Projects, and 3rd Party/Vendor Management).
• Maintain risk assessment methodologies, processes, artifacts, and training.
• Lead or manage assessments and remediation efforts, tracking progress and reporting on security control gaps.
• Analyze risk/control information to formulate recommendations, metrics, and reports for management decision-making.
• Ability to analyze and aggregate risk across a complex organization and articulate risk clearly.
• Register GT risks, work with risk owners on risk treatment, and monitor risk treatment, response, and mitigation with risk owners. Weight business needs against security concerns and articulate issues and options to management.
• Present risk register and treatment plans to stakeholders on a regular basis.
• Enhance collection and maintenance of OneTrust risk register information.
• Work cross-functionally to improve workflow and collect required risk profile data.
• Assist project teams in the implementation of security measures to meet corporate security policies, manage risk, and meet external regulations, including various data security standards.
• Ensures of proper documentation of technology assessment results, and monitors remediation. Deliver all documentation developed during task execution, with status of all work in progress. Create Weekly and Monthly Status Reports, including daily technical task reports, threat management reports, among others.
• Support the Business Technology Disaster Recovery process.
• Support the resolution of Internal Audit, Compliance, Risk Management, Regulatory related issues that could impact the confidentiality, availability or integrity of data or processes.

What You'll Need

• Five to Ten (5-10) years direct experience in a Risk Analyst role is required.
• A bachelor's or master's degree in computer science, Cyber-Security or in a technology/information security-related field is preferred and can substitute degree in lieu of some actual experience.
• Experience with Security Controls frameworks (e.g., CobiT, ISO 27001, NIST, NIST CSF, PCI DSS, RMF, among others) and knowledge of privacy regulations (e.g., GDPR, CPRA, NIS, NIS2, CPA, etc.).
• Experience with a Governance-Risk-Compliance (GRC) software suite (OneTrust, Archer, Xacta, ., etc.) is required; prefer direct experience with OneTrust.
• Must be able to demonstrate a strong understanding of Security Control Frameworks (ISO, NIST, HIPAA, PCI, SOX) is required; prefer multiple framework experience vs single framework experience.
• Strong leadership, critical thinking and collaboration skills required.
• Attention to detail is a critical success factor for this role.
• Ability to influence peers, colleagues, and managers across business and divisional Lines to Take action on complex, technical or sensitive topics with companywide impact.
• Must be analytical and Possess Ability to interpret and apply policies and regulations across a large, complex business.
• Able to work effectively in an environment characterized by multi-tasking, fast-paced, lead by multiple projects and conflicting priorities. Multi-level communications and interpersonal skills (including strong documentation skills). Able to effectively communicate security-related concepts to a broad range of technical and non-technical staff, across IT and business.
• Strong technical information security knowledge to assess various information security and risk management processes and tools.
• Any "one" certification in; CISSP, CRISC, CISA, CASP, CYSA, ISA, or Security+ CE is preferred.

What You'll Get

SDS, Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state, and local laws.

• Competitive base salary
• Medical, dental, and vision insurance coverage
• Optional life and disability insurance provided
• 401(k) with a company match and optional profit sharing
• Paid vacation time
• Paid Bench time
• Training allowance offering
• You'll be eligible to earn referral bonuses!