Information Security Business Analyst
Information Security Business Analyst Contract Houston, TX Job Overview and Responsibilities The Information Security Business Analyst will support the assessment of the security practices of our third-party suppliers, ensuing they comply with our client's security policies and best practices.
A secondary function is to oversee compliance with mobile security policies of company issued mobile devices.
This position will work very closely with technology and business stakeholders throughout the enterprise as well third-party suppliers.
The Sr.
Manager of Third Party Risk Assessment provides direct supervision.
Job Responsibilities Performing activities to support the third-party Information Security Assessment program by evaluating supplier's security practices to determine security posture and readiness to securely manage our client's IT assets and data they are entrusted with.
Providing risk-based guidance to supplier business stakeholders to ensure transparency, comprehension, and acceptance of the risks involved in doing business with each supplier throughout the supplier lifecycle.
Working with appropriate stakeholders and suppliers to perform security risk assessments, analyzing results to determine ongoing monitoring and remediation requirements, and monitoring to ensure remediation of security gaps in a timely manner.
Supporting program maturation activities though process enhancement and data analytics.
Developing and reporting program metrics to drive leadership decision-making.
May work on one or more moderate to complex projects supporting core and ancillary functions.
Work with internal stakeholders to gather needs and requirements create simple workflow models, process, or application maps.
Knowledge/Skills Possess a Bachelor's degree and a minimum of 3-4 years in an analytical role with relevant technical or business experience.
Experience in Technology, Information Security, or Technical Risk Analysis with a solid understanding of information security fundamentals, best practices, and security regulatory requirements and frameworks such as NIST, ISO, PCI, HIPAA, SOX, Data Privacy, etc.
Experience with Third Party Suppliers/ Vendors or Mobile Device Security Controls.
Ability to analyze systems and networks for a clear written determination of compliance, residual risk, and potential vulnerability mitigation strategies.
Skilled at communicating (oral/written) effectively with peer group, middle, and senior management in all areas of the enterprise.
Skilled at working successfully with cross functional teams, soliciting requirements, conducting assessments and gap analyses, and coordinating project activities.
Ability to think critically and analytically.
Possess the ability to direct work priorities and escalate as appropriate.
Education Bachelor's degree in Computer Science, Information Systems, or Business Administration; however, technical discipline is referred Certifications:
CBAP, CISSP, CISA, CISM or other information security certifications is a plus.
Experis is an Equal Opportunity Employer (EOE/AA).
Estimated Salary: $20 to $28 per hour based on qualifications.
A secondary function is to oversee compliance with mobile security policies of company issued mobile devices.
This position will work very closely with technology and business stakeholders throughout the enterprise as well third-party suppliers.
The Sr.
Manager of Third Party Risk Assessment provides direct supervision.
Job Responsibilities Performing activities to support the third-party Information Security Assessment program by evaluating supplier's security practices to determine security posture and readiness to securely manage our client's IT assets and data they are entrusted with.
Providing risk-based guidance to supplier business stakeholders to ensure transparency, comprehension, and acceptance of the risks involved in doing business with each supplier throughout the supplier lifecycle.
Working with appropriate stakeholders and suppliers to perform security risk assessments, analyzing results to determine ongoing monitoring and remediation requirements, and monitoring to ensure remediation of security gaps in a timely manner.
Supporting program maturation activities though process enhancement and data analytics.
Developing and reporting program metrics to drive leadership decision-making.
May work on one or more moderate to complex projects supporting core and ancillary functions.
Work with internal stakeholders to gather needs and requirements create simple workflow models, process, or application maps.
Knowledge/Skills Possess a Bachelor's degree and a minimum of 3-4 years in an analytical role with relevant technical or business experience.
Experience in Technology, Information Security, or Technical Risk Analysis with a solid understanding of information security fundamentals, best practices, and security regulatory requirements and frameworks such as NIST, ISO, PCI, HIPAA, SOX, Data Privacy, etc.
Experience with Third Party Suppliers/ Vendors or Mobile Device Security Controls.
Ability to analyze systems and networks for a clear written determination of compliance, residual risk, and potential vulnerability mitigation strategies.
Skilled at communicating (oral/written) effectively with peer group, middle, and senior management in all areas of the enterprise.
Skilled at working successfully with cross functional teams, soliciting requirements, conducting assessments and gap analyses, and coordinating project activities.
Ability to think critically and analytically.
Possess the ability to direct work priorities and escalate as appropriate.
Education Bachelor's degree in Computer Science, Information Systems, or Business Administration; however, technical discipline is referred Certifications:
CBAP, CISSP, CISA, CISM or other information security certifications is a plus.
Experis is an Equal Opportunity Employer (EOE/AA).
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
