Risk Analyst

DETAILS:
The main accountabilities of the Information Risk Consultant are to execute against the direction, vision, and expectations of the group, and partner with stakeholders and peer groups to ensure that the Information Risk Management functions are effective at identifying, analysing, and influencing the management of information risks across the organization. Will be looking at entire Project, Data sensitivity, documentation, etc to understand risk. Must understand holistic view of what is happening. There is also a Vendor assessment component. Will act as a Technical Advisor to these business units offering strategic Direction.

RESPONSIBILITIES INCLUDE:
1. Participate in the risk assessment process to ensure that projects/initiatives comply with policies and standards.
2. Work with stakeholders in the markets, AOW's, internal ITS peer groups and third parties to deliver clear expectations regarding information risk management.
3. Assist in the Procurement Process (with Sourcing and other teams)
4. Participate and consult in the risk assessment of services created for and adopted by customers
5. Create and deliver meaningful reporting mechanisms that assist management in making informed risk based decisions as it pertains to the security posture of the environment.
6. Execute programs for the reporting of security incidents that occur in the environment.
7. Help ensure the organization is complying with all laws, regulations and internally developed Standards or Policies surrounding the confidentiality, availability, and integrity of our information assets.
8. Assist in the maintenance of healthy and measured accountability between company and its security product and service suppliers.

SKILLS:

MINIMUM REQUIREMENTS

- MUST HAVE CURRENT: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) Global Information Assurance Certification (GIAC)
- 3+ years of experience in an IT Audit, Security, or Enterprise Risk Management (ERM) role
- 3+ years of experience with regulatory compliance and information security management frameworks (eg, IS027000, COBIT, NIST 800, PCI DSS, etc.)
- Proven communication skills with the ability to translate complex technical issues or concepts to non-technical audiences in a clear and fast way.
- Proficient in technical writing and creation of policies, standards, procedures and guidelines
- Experience in web and application vulnerability management a plus
- Prefer very senior candidates