*Please submit resumes to go...@cy-tec.com*
Information Security Risk Analyst position: the manager is looking for someone with experience in risk management methods (identification, assessment, reporting) and processes. The individual should also be able to look at risks from a business perspective and relate these back to specific frameworks like ISO, COBIT, etc.

Location: Washington, DC
Duration: 12+ months

*Information Security Risk Management Risk Analyst (5+ Years)*

Background/General Description:

The Office of Information Security (OIS) provides information security services to the WBG. OIS’s mission is to protect the WBG’s information assets in a manner that supports the WBG's mission to free the world of poverty. The office develops strategy, standards and processes to protect the confidentiality, integrity and availability of WBG information assets in a manner that is commensurate with their value and risk. OIS maintains an information security program in a way that respects the rights and dignities of those it serves and addresses the needs of the WBG’s business units.

OIS is responsible for managing security strategy, operations and compliance activities for the WBG’s five member institutions and protecting assets that total more than $628 billion of annual investments in poor and developing countries. In addition, OIS manages security across remote sites in over 180 countries across the globe. OIS is in need of a contractor to work in the area of risk management program design, implementation, planning, and coordination.

Duties and Accountability

The contractor will have responsibilities for specific individual tasks and for working as an integral part of the team in executing OIS’s work program.

The primary responsibilities will include, but are not limited to, a combination of the following:

· Develop, document, maintain and support the WBG’s information security risk management program in line with WBG information security policy, practices and leading industry standards;
· Understand WBG information security risks pertinent to its business goals and technology infrastructure and design an enterprise information security risk program to identify, assess and respond to risks;
· Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in line with overall information security objectives and risk tolerance of the WBG, to the WBG’s information security enterprise architecture;
· Document risk management policies, practices and procedures;
· Work with technology and business teams to facilitate risk assessments, risk evaluation and reporting;
· Provide business units with recommendations to reduce information security risk within their areas;
· Prepare and present risk assessment reports to system owners, business units and other;
· Work with technology and business teams to develop and document risk mitigation action plans;
· Monitor and track the status of risk mitigation plans;
· Assist in developing and implementing risk reporting requirements for OIS, IT and the business stakeholders;
· Identify efficiencies to improve the performance and responsiveness of the OIS information security risk function; and
· Assist with vendor assessments and risk and control evaluations of new technologies.

Selection Criteria

1. Bachelor’s degree in Computer Science, Information Systems or a related technical field.
2. Minimum five (5) years of experience working in an information security, information technology, and information risk management related field.
3. Demonstrated experience leading risk management programs and implementation for a financial services organization or other organizations with similar information security needs and requirements.
4. Extensive knowledge of IT, enterprise architecture, software development life cycle, and information security platforms and applications;
5. Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility.
6. Ability to be organized, responsive and to be able to effectively multi-task with a focus on driving results.
7. Knowledge of best practices and standards for risk management practices specifically with the ISO, COSO, COBIT, OCTAVE, ISO and NIST frameworks.
8. Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), and Information Systems Security Management Professional (ISSMP).
9. Demonstrate excellent interpersonal skills, including the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers in the unit and elsewhere in the WBG. Ability to collaborate with senior management stakeholders to identify requirements and drive compliance with approved

Thanks & Regards
*Gopal Yash*
*CyberTec, Inc.,*
11710 Plaza America Drive, Suite 2000, Reston, Virginia – 20190
Fax: 866-515-7595
Email: go...@cy-tec.com <mo...@cy-tec.com>
www.cy-tec.com