Job Details

Information Security Risk Analyst

NEW YORK-10005, NY, US
11/08/2016



Required Skills

CISA

Company

Infinity Consulting Solutions, Inc


Job Description

The InfoSec & Technology Controls Testing Team is accountable for the execution of a number of programs relating to assessing design and testing effectiveness of key controls as well as testing compliance with Technology and Information Security Policies.

These programs span Technology and the remit of the Firm’s Global Information Security Program Policy.

To accomplish this, the Controls Testing team member will operate within the global framework and in line with regulatory and industry best practice, while partnering with various stakeholders to ensure that the objectives of the relevant programs are met.

Primary Responsibilities

Based in New York, the role’s responsibilities include:

- Delivering and operating the objectives of the global control testing program and managing control testing requirements

- Building strong positive relationships with the local Information Security / Risk community, within Technology and also the Firm, for example Internal Audit, Operational Risk Department, Risk Officers, Business Unit Information Security Officers (BUISOs)

- Developing and delivering program specific communications and education to stakeholders on risk and control related matters e.g. technology and information security governance forums

- Presenting overview / results of testing program to stakeholders, senior management and other relevant parties

- Coordinating stakeholders across Firm departments (e.g. Divisional Risk Officers and BUISOs) to scope relevant testing e.g. Policy Compliance Testing, request based control testing

- Planning, performing and/or supervising testing of controls and/or policy compliance, providing regular management reporting on progress to meet regional requirements

- Producing or reviewing work paper documentation to standards suitable for use by auditors

- Status, risk and issue reporting on program progress and deliverables

- Preparing documentation of identified risks and issues for reporting in centralized issue / risk tracking applications

- Preparing summary reports for Management communication on results of control/compliance testing

- Monitoring and reporting on status of identified issues impacting relevant programs

Required Skills

- Working knowledge of key Technology and Information Security concepts e.g. data classification, protection, policies, governance, privacy, security assessment tools

- Risk and Control Knowledge: Understanding of key concepts related to risk assessment, controls and testing

- Analytical Thinking: Engages in process-based thinking to effectively obtain, analyze and interpret information, identify root causes of problems, and draw the appropriate conclusions

- Communication: Clearly, completely and concisely communicates ideas and adapts style and content of communication appropriate for the audience

- Influence: Gains support and buy-in from others in order to motivate them to achieve business goals and objectives

- Technology: Working knowledge of technology applications and infrastructure (e.g., server, network, platform desktop environment) and ability to identify and validate risk and controls

- Builds and sustains relationships: Builds and maintains networks of relationships and effectively leverages them to achieve work-related objectives

- Organization: Exceptional organizational skills; a high degree of attention to detail and ability to manage multiple priorities

- Drive: Self-starter with an ability to be proactive

- Operational Risk Knowledge: Understanding of relevant local technology risk regulations and the associated application to a financial services business



Desired Skills and Competencies

- Business/Product Knowledge: Familiarity and experience with financial services and the processes related to the marketing, selling and trading of securities, derivatives and/or commodities in the financial services industry is a strong plus, but is not required.



Education, Background & Experience Required

Education: Bachelor’s degree

A minimum of 10 years of relevant risk experience from roles in any of the following:

- Regulatory (e.g., working as a financial services regulator or having experience dealing with regulators)

- Audit (internal or external)

- Risk Officer / Information Security Officer

- Technology Risk Governance

- Risk Assessment (e.g., RCSA)

- Control Testing (e.g., SOX)

- Information Security / IT Security (e.g., Entitlements Management, Segregation of Duties, Threat Management, Penetration Testing, Strategy)

- Technology / Information Security Policy / Procedures

- Process/Risk/Control Frameworks, e.g., COBIT



Qualifications Desired

Certifications: Attainment of the following certifications is a strong plus, but not required:

- Certified in Governance for Enterprise IT (CGEIT)

- Certified Internal Auditor

- Certified Information Systems Auditor (CISA)

- Certified Information Security Manager (CISM)

- Certified Information Security Professional (CISP)

- Certified in Risk and Information Systems Control (CRISC)

- ISO 27001 Auditor









Security Analyst
Information Technology

No Preference
FullTime Job
Other
1

Candidate Requirements
Bachelors


Recruiter Details
Doug Klares
1350 Broadway, Suite 2205, NEW YORK-10018, NY, US