Job Title: Senior Information Security Risk Analyst Contract Duration: 6+ months
Location: Marlborough, MA Responsibilities . Help identify appropriate control standard and assessment frameworks. . Assist in implementation of Enterprise Governance, Risk and Compliance (eGRC) tool to support the Risk Management program. . Coordinate business-level information security risk assessments for key information assets. . Help to identify and track mitigation actions intended to reduce identified risks, as well as tracking and reporting on changes in key risk indicators. . Work with the vendor management team to perform thorough technical and policy-based information security risk assessments of key third party vendors. . Work with internal application, infrastructure, and architecture teams to assess the information security risk of existing technology, infrastructure and processes as well as proposed projects. . Assist with Information Security Awareness programs delivered firmwide as well as tailored to specific groups. . Assist with information security risk aspects of internal audits. Min Requirements: . 5+ years experience in the area of Information Security Risk Analysis. . Proven experience using Governance, Risk & Compliance (GRC) framework, and experience working with enterprise GRC platform tools to understand, evaluate, and quantify risk. . Experience with Vendor Management Programs, performing risk assessments of third party service providers/vendors based on ISO27001 and SIG, review of SSAE16, etc. . Experience and knowledge of control standards and evaluation frameworks such as ISO27001, NIST Cybersecurity Framework, etc. . Experience performing technical risk assessments for internal projects, working closely with the architecture team. . Significant breath of technical experience and critical analysis skills sufficient to perform detailed risk analysis on a variety of technologies and use cases. . Past experience working with auditors to prepare SSAE16 or similar reports. . Experience responding to client RFPs, and meeting with clients to review information security posture. . Excellent verbal and written communication skills and presentation skills. This role will have a focus in 2 major areas: 1. Perform Risk Assessment and information security with Vendors and Products for the business 2. GRC - Working with the tool (we have purchased Archer but other tools will suffice) to develop the business processes into it. Thanks & Regards, Ankur Mohan, Senior Consultant - IT Recruitments, Quantronix, Inc., 2969 Whitney Avenue Hamden, CT 06518 Tel: 203-718-2011 Skype: ankur.quantronix Email: an...@quantronix.com <mailto:vand...@quantronix.com> ---- Quantronix Disclaimer ---- This communication (including any accompanying documents) is intended only for the use of the addressee(s) and contains information that is PRIVILEGED AND CONFIDENTIAL. Unauthorized reading, dissemination, distribution or copying of this communication is prohibited. If you have received this communication in error, please notify us immediately via postmas...@quantronix.com and promptly destroy the original communication and all copies taken thereof. Thank you for your cooperation. --- This email has been checked for viruses by Avast antivirus software. http://www.avast.com -- You received this message because you are subscribed to the Google Groups "SAP or Oracle Financials" group. To unsubscribe from this group and stop receiving emails from it, send an email to sap-or-oracle-financials+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. Visit this group at http://groups.google.com/group/sap-or-oracle-financials. For more options, visit https://groups.google.com/d/optout.