Senior Risk Analyst

SENIOR RISK ANALYST FOSTER CITY, CA CONTRACT OPPORTUNITY

Did you know that CompuComs employee benefits start on the first day of employment?

Join COMPUCOM and enjoy our generous, DayOne Benefits(SM)!

Summary:
The global information risk management team partners with IT groups, business groups, and project teams to perform security risk assessments for applications, infrastructure, and vendor/third parties. This position will focus on implementing risk assessment methodologies, including COSO and ISO frameworks. The position will also support the review of technical security requirements, and will support the review, approval and tracking of security exceptions and remediation.

Scope:
This is an individual contributor role responsible for conducting information risk assessments, including identifying and communicating information security risk, and providing recommendations for risk reduction, and in resolving security issues of advanced complexity. This position requires an ability to analyze complex projects, and to identify relevant risk and security policies and gaps. This role works independently with project teams and requires advanced oral and written communication skills.

MAJOR ACTIVITIES:

- As part of the global information risk assessment team, perform and document risk assessments based on involvement and consulting with project teams throughout the organization.
- Perform interviews, analyze design documents, review output from automated scanning tools, threat and vulnerability information to evaluate project and process designs, applications, network infrastructure and information systems, and determine security compliance and overall security risk, based on corporate policies, security requirements documents, industry common practice, and legislative and legal requirements.
- Lead efforts in developing and writing new security requirements documents for network devices, Windows systems, Unix systems, Databases, and other technologies.
- Provide technical training and consulting on current security topics and issues.
- Communicate the concepts of information security to guide information security practices and solutions within the client environment.
- Advocate enhancements to existing processes and procedures to improve information security controls.

REQUIRED QUALIFICATIONS:

- EXPERIENCE PERFORMING INFORMATION/SECURITY RISK ASSESSMENTS REQUIRED
- 5-10 years Information Security experience; understanding of security requirements documents for such assets as Routers, Switches, Firewalls, Windows and UNIX systems, database systems, and security architectures
- CISA AND/OR CISSP CERTIFICATIONS HIGHLY PREFERRED
- Current knowledge of the regulatory and legislative landscape and acquire an in-depth understanding of security policies and practices
- Familiarity with common information security, risk management and controls frameworks such as COSO, COBIT, ISO 17799, 27000 series, etc.
- Experience with threat modelling, threat management methodologies and process analysis
- Ability to translate information risks to business impacts
- Interpersonal and facilitation skills along with effective communication (both written and verbal) skills
- Sound planning, organizational and problem solving skills
- Good project management skills
- Must have the superior ability to work well with others in a supportive team environment, the ability to prioritize multiple high priority activities
- Demonstrated ability to meet deadlines and commitments in an environment that requires multitasking among concurrent projects
- Ability to convey security concepts related to network, application, and systems - to both technical and non-technical audiences
- Familiarity with Archer GRC desired
- Experience with virtualization, cloud, and/or mobile application security nice to have
- Bachelors Degree or equivalent experience

**CompuCom supports Employment Equity and Diversity**

Dallas-based CompuCom Systems, Inc. is a leading provider of end user enablement, service experience management, and cloud technology services to Fortune 1000 companies. CompuCom partners with enterprises to develop smarter ways they can work, grow, and produce value for their business. Founded in 1987, privately held CompuCom has approximately 11,500 associates and supports more than 4 million end users in North America.