IT Analyst Risk & Security
Location: Weston, Massachusetts
Duration: 12+ Months
Top Items we are looking for on resumes:
Awareness & Education Program Experience, Risk Assessment Experience, NIST Controls Implementation Experience
Our client is looking for an Information Security Risk Analyst Contractor with 5-7 years of information security experience.
This position reports to the Associate Director, Team Lead, of Information Security Governance. The incumbent will conduct information security risk assessments to ensure the proper implementation of security controls across identified environments. This includes identifying gaps and compensating controls, developing remediation plans, and publishing reports of results.
The incumbent must have a working knowledge of security frameworks, preferably NIST CSF and NIST 800 series.
There are two contractor positions open; we are seeking to fill the positions based on the principal duties and responsibilities defined as follows:
Contractor 1: Principal Duties and Responsibilities
• Implement Security & Awareness Messaging to align with a monthly pre-defined awareness theme, and quarterly phishing campaigns/reports
• Perform IS Vendor Risk Assessments
• Write Policies and related supporting documentation, such as standards and procedures
Contractor 2: Principal Duties and Responsibilities
• Assign Data Risk Classifications for assets defined in EOS, system of record, and build and train end users on the self-service model
• Assist with the development and implementation of controls in alignment with NIST standards
• Develop the exception handling process
• Perform information security risk and control assessments and report on information security risks and recommend mitigation strategies; document and monitor information security remediation and control improvements
• Provide administrative support and development for the SharePoint Online site migration for the CISO organization
• Serve as an information security liaison to business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., information security best practices, policy and procedure development, employee education and awareness, security exceptions)
• A Bachelor’s degree in Computer Security / Science or Information Security; or equivalent experience required
• Certification credentials in fields associated with Information Technology, Information Technology Auditing, Information Security, or other related studies preferred
• A minimum of 5-7 years’ experience in information security and/or risk management, especially in an information risk analysis, Enterprise Risk Management (ERM), and/or IT Audit role.
• Experience with development and implementation of information security awareness and education programs.
• Knowledge of quantitative and qualitative risk evaluation methods, including information security control frameworks such as NIST, ISO, and COBIT.
• Proven experience with control monitoring principles and practices.
• Ability to understand and engage applicable industry-related regulatory requirements (e.g., FDA, FIPS, EU Annex 11, GDPR)
• Ability to work on several tasks simultaneously and to draw on internal and external sources of information to make appropriate assessments and decisions.
• Excellent analytical and problem-solving skills
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
• Excellent verbal and written skills.
• Flexible and able to adapt quickly to changing technology
• Open and able to apply original and innovative thinking to produce new ideas and create innovative approaches to information security oversight and compliance.
• Strong knowledge of Microsoft Office product suite, and corporate business applications including Skype and SharePoint
• Experience using an automated GRC tool (e.g., RSA Archer) is a plus
• Biotech and IT experience preferred