*Hi, I hope you are doing well. Given below is the requirement from one of
our direct clients, which can be filled immediately. Kindly respond to this
requirement and send me the details given below to speed up the interview
process.*




*Job Title - Risk Analyst*


*Location - Jersey City, New Jersey*

*Duration - 12+ Months (Possible Extension)*

*Rate - DOE*







*Job Description -*

*The IT Risk Analyst will assist in IT Risk Governance, Analysis, and
management activities. Responsible for developing risk dashboards,
adaptors/connectors to data sources, implementing risk calculation engines,
configuring tools and providing requirements to technical teams. DTCC will
be leveraging ISACA's Risk IT and NIST RMF frameworks. Risk Management
responsibilities will include maintaining the risk register, getting involved
in the risk acceptance/mitigation/avoidance process, and developing metrics and IT
risk KRIs.*

*Principal Responsibilities*

1) Develop and maintain IT Risk Dashboard that provides current IT Risk
posture

2) Gain knowledge of existing IT Risk scenarios, when and how to apply
them. Enhance/develop new scenarios as appropriate

3) Gain knowledge of existing IT Risk controls, when and how to apply them.
Be conversant with the relevant control effectiveness measures for the
controls. Enhance/develop new controls as appropriate

4) Develop cost benefit analysis models for applicable assessments and
articulate risk in monetary terms

5) Document assessment results in IT Risk register, drive risk management
processes such as acceptance, mitigation, avoidance, track action plans and
ensure processes are being followed

6) Develop metrics and IT Risk KRIs for specific processes, track, monitor
and provide regular reports on the metrics

7) As needed integrate/automate manual IT risk processes with resident IT
Risk tools using macros, SQL and scripting. Test and ensure accuracy of
information resident in relevant IT Risk data stores

8) Review new regulatory guidelines from SEC, FFIEC, NIST etc. and compare
against existing controls, policies and processes. Identify gaps, propose
new controls to close gaps and drive creation and adoption of the controls

9) Regularly assess the adequacy and effectiveness of IT controls, security
policies, and remediation activities to ensure alignment with
organizational risk tolerance, and compliance with laws, regulations,
industry mandates, and contractual obligations. Initiate actions to ensure
that compliance, security and risk gaps are successfully remediated or
mitigated with compensating controls.

10) Document and report status of agreed upon remediation plans, owners and
commitment dates

11) Document and maintain IT policies and standards. Ensure exceptions are
assessed for risk and documented. Lead and participate in annual policy
review processes. Ensure technology teams understand how to deploy, comply
with and monitor technology policies and standards.

12) Maintain mechanisms to determine, measure and report to management an
accurate view of IT risk, including, but not limited to repeatable risk
identification and evaluation processes, scorecards, surveys, heat maps,
and risk register. Provide information risk management consulting to
technology teams.

13) Maintain mechanisms to effectively measure and report to management the
state of compliance and information security including, but not limited to,
control catalogs, compliance requirement matrices, deficiency evaluations,
and dashboards. Provide compliance consulting to technology teams.

14) Coordinate and ensure the appropriateness of responses to technology
audits and audit-related activities

15) Participate in process improvement initiatives

*Experience*

1) 10+ years overall business experience

2) 5+ years of Information Technology experience with focus on IT
Security/Risk

3) College degree in related technical / business areas

4) Certification in or progress toward at least one designation in an
information security, risk, compliance or related discipline (e.g. CISA,
CISM, CISSP, CIPP, CIA, CPA, etc.)

5) Prior experience working with diverse, cross-functional,
cross-departmental projects and technologies; PMP certification a plus

6) Well-rounded understanding of technology, operations and key business
processes

7) Strong interpersonal skills

8) Excellent written and verbal communication skills

9) Intermediate to advanced proficiencies with MS Excel, MS Word, and MS
PowerPoint as well as SQL knowledge highly desirable

*Knowledge/Skills*

1) Demonstrates a high degree of ethics; instills trust and credibility

2) Effectively identifies, collaborates and maintains relationships with
relevant stakeholders

3) Portrays strong facilitation, negotiation, and conflict resolution skills

4) Demonstrates superior analytical, writing and presentation skills

5) Translates requirements and risk concepts into relevant and
understandable terms.

6) Manages individual workload to deliver with excellence on simultaneous
projects and priorities each with tight schedules

7) Experience with GRC tools, especially Archer and Brinqa, will be a plus

8) Familiar with risk and control frameworks, and process improvement
models (e.g. Risk IT, NIST RMF, COBIT, COSO, ISO 27002, ITIL, CMM)

9) Experienced in policy development & management

10) Possesses deep knowledge of security technologies



*Education, Training or Certification*

Advanced degree in a technical discipline preferred





Regards,



Venu

904-371-9198

[email protected]

www.platotechinc.com

Blog - http://venujobsblog.blogspot.in/
