Senior Risk Analyst

SENIOR RISK ANALYST HIGHLANDS RANCH, CO 10 MONTH CONTRACT

At COMPUCOM, we set you up for job success right from the start. Our precision recruiting process aligns the right fit for the right people.

Must have skills:
Experience performing information/security risk assessments; Minimum of 5-10 years information security experience; Understanding of security requirements documents for such assets as Routers, Switches, Firewalls, Windows and UNIX systems, database systems, and security architectures.

NICE TO HAVE:
Familiarity with Archer GRC; CISA and/or CISSP certifications are HIGHLY preferred.

SUMMARY:
This is an individual contributor role responsible for conducting information risk assessments, including identifying and communicating information security risk, and providing recommendations for risk reduction, and in resolving security issues of advanced complexity. This position requires an ability to analyze complex projects, and to identify relevant risk and security policies and gaps. This role works independently with project teams and requires advanced oral and written communication skills.

MAJOR ACTIVITIES:

- As part of the global information risk assessment team, the candidate will be responsible for performing and documenting risk assessments based on involvement and consulting with project teams throughout the organization.
- The candidate will perform interviews, analyze design documents, review output from automated scanning tools, threat and vulnerability information to evaluate project and process designs, applications, network infrastructure and information systems, and determine security compliance and overall security risk, based on corporate policies, security requirements documents, industry common practice, and legislative and legal requirements.
- The candidate will lead efforts in developing and writing new security requirements documents for network devices, Windows systems, Unix systems, Databases, and other technologies.
- The candidate will provide technical training and consulting on current security topics and issues.
- The candidate will communicate the concepts of information security to guide information security practices and solutions within the enterprise environment.
- The individual will advocate enhancements to existing processes and procedures to improve information security controls. The candidate must have the superior ability to work well with others in a supportive team environment, the ability to prioritize multiple high priority activities, and must have outstanding written and verbal communication skills.

DESIRED QUALIFICATIONS:

- 5-10 years industry experience in information security
- CISA and/or CISSP preferred
- Current knowledge of the regulatory and legislative landscape and ability to acquire an in-depth understanding of client security policies and practices
- Must be able to acquire in-depth knowledge of client network and systems
- Must be able to understand security requirements documents for such assets as Routers, Switches, Firewalls, Windows and UNIX systems, database systems, and security architectures
- Familiarity with common information security, risk management and controls frameworks such as COSO, COBIT, ISO 17799, 27000 series, etc. required
- Must have experience with threat modelling, threat management methodologies and process analysis
- Must be able to translate information risks to business impacts
- Interpersonal and facilitation skills along with effective communication (both written and verbal) skills
- Sound planning, organizational and problem solving skills
- Good project management skills
- Demonstrated ability to meet deadlines and commitments in an environment that requires multitasking among concurrent projects
- Ability to convey security concepts related to network, application, and systems - to both technical and non-technical audiences
- Familiarity with Archer GRC desired
- Previous experience with virtualization, cloud, and mobile application security nice to have experience with related projects
- Bachelor s/Degree or equivalent experience

*CompuCom supports Employment Equity and Diversity*Dallas-based CompuCom Systems, Inc. is a leading provider of end-user enablement, service experience management, and cloud technology services to Fortune 1000 companies. CompuCom partners with enterprises to develop smarter ways they can work, grow and produce value for their business. Founded in 1987, privately held CompuCom has approximately 11,500 associates and supports more than 4 million end users in North America. For more information, visit the website.