Information Security Risk Assessment Analyst

Infotech Sourcing - Menlo Park, CA

Job Title: Information Security Risk Assessment Analyst - 8261506

Type: Contract (W2 Only)

Duration: 6+ months (potential to convert/extend based on performance)

Location: Menlo Park, CA


  • Independently perform risk-based security reviews of first and third parties at the company, including internal systems, cloud providers, *aaS providers, outsourced vendors, etc.

  • Articulate security findings to internal and external stakeholders including third-party vendors

  • Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits

  • Negotiate acceptance of remediation plans and timelines based on criticality of each finding

  • Participate in the development and oversight of corrective actions relating to security issues

  • Compile and report out security risk and operational metrics

  • Participate in cross-functional, team, and status review meetings

  • Recommend process improvement and strategic initiatives as related to security assessment


  • Must have prior experience with first or third-party security assessment

  • In-depth knowledge of security assessment lifecycle

  • Knowledge of evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly for systems hosted on the cloud platforms, for security deficiencies

  • Ability to identify and assess security risks and recommend mitigating controls

  • Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter

  • Good understanding of the various hacking techniques and the defensive countermeasures

  • Good understanding of the threat landscape as related to vendors

  • Good understanding of the cloud technology (IaaS, PaaS, SaaS) and the current IT trends in the industry

  • Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences

  • Knowledge and understanding of security controls across all security domains such as access management, encryption, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.

  • Excellent verbal and written communication skills

Other desirable skills & experience

  • Program and project management skills

  • Risk management frameworks and techniques

  • Threat modeling techniques

  • Software development

  • CISSP, CEH certifications

  • Good grasp of NIST, PCI, ISO, and SOC


  • Bachelor's Degree and/or advanced degree with a concentration in one of the following: Computer Science, Management Information Systems, or Cyber Security

  • Certification & Licenses: CEH, CISSP

Posted On: Thursday, June 21, 2018