Senior Risk Analyst

Senior Risk Analyst
Highlands Ranch, CO
12 Month Contract

You're covered with COMPUCOM. We offer our temporary employees full benefits. Always have. Always will. Join us!

SUMMARY: The global information risk management team partners with IT groups, business groups, and project teams to perform security risk assessments for applications, infrastructure, and vendor/third parties. The position will focus on implementing risk assessment methodologies, including COSO and ISO frameworks. The position will also support the review of technical security requirements, and will support the review, approval and tracking of security exceptions and remediation.

SCOPE: This is an individual contributor role responsible for conducting information risk assessments, including identifying and communicating information security risk, and providing recommendations for risk reduction, and in resolving security issues of advanced complexity. This position requires an ability to analyze complex projects, and to identify relevant risk and security policies and gaps. This role works independently with project teams and requires advanced oral and written communication skills.

MAJOR ACTIVITIES:

- As part of the global information risk assessment team, the candidate will be responsible for performing and documenting risk assessments based on involvement and consulting with project teams throughout the org.
- The candidate will perform interviews, analyze design documents, review output from automated scanning tools, threat and vulnerability information to evaluate project and process designs, applications, network infrastructure and information systems, and determine security compliance and overall security risk, based on corporate policies, security requirements documents, industry common practice, and legislative and legal requirements.
- The candidate will lead efforts in developing and writing new security requirements documents for network devices, Windows systems, Unix systems, Databases, and other technologies.
- The candidate will provide technical training and consulting on current security topics and issues.
- The candidate will communicate the concepts of information security to guide information security practices and solutions within the client environment.
- The individual will advocate enhancements to existing processes and procedures to improve information security controls.
- The candidate must have the superior ability to work well with others in a supportive team environment, the ability to prioritize multiple high priority activities, and must have outstanding written and verbal communication skills.

DESIRED QUALIFICATIONS:

- 5-10 years industry experience in information security
- Current knowledge of the regulatory and legislative landscape and acquire an in-depth understanding of security policies and practices
- Must acquire an in-depth knowledge of the client's network and systems
- Must be able to understand security requirements documents for such assets as Routers, Switches, Firewalls, Windows and UNIX systems, database systems, and security architectures
- Familiarity with common information security, risk management and controls frameworks such as COSO, COBIT, ISO 17799, 27000 series, etc.
- Experience with threat modelling, threat management methodologies and process analysis
- CISA and/or CISSP certifications preferred
- Familiarity with Archer GRC preferred
- Experience with virtualization, cloud, and/or mobile application security a plus
- Ability to translate information risks to business impacts
- Interpersonal and facilitation skills along with effective communication (both written and verbal) skills
- Ability to convey security concepts related to network, application, and systems - to both technical and non-technical audiences.
- Sound planning, organizational and problem solving skills
- Good project management skills
- Demonstrated ability to meet deadlines and commitments in an environment that requires multitasking among concurrent projects
- Bachelor's Degree or equivalent experience

*CompuCom supports Employment Equity and Diversity*Dallas-based CompuCom Systems, Inc. is a leading provider of end-user enablement, service experience management, and cloud technology services to Fortune 1000 companies. CompuCom partners with enterprises to develop smarter ways they can work, grow and produce value for their business. Founded in 1987, privately held CompuCom has approximately 11,500 associates and supports more than 4 million end users in North America. For more information, visit our website