- Entry level
- No Education
- Salary to negotiate
- New York City
Datrose is seeking a Senior IT/IS Risk Analyst for a Direct Hire opportunity in New York, NY! This is an excellent opportunity for the right individual. If interested in exploring this great opportunity, please apply directly at www.datrose.com/careers. Veterans are encouraged to apply.
Performs complex risk assessments of applications, infrastructure, business and technology vendors against a defined risk framework. Assessments are conducted either through a formalized risk assessment program or through other risk reporting activities (e.g., policy exceptions, risk acceptance). Provides primary support for vendor attestation documentation review. Provides specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate third party risks. Enhances IT/IS risk assessment framework; maintains and improves control and threat library, vulnerability assessments and any other relevant areas; and supports Vendor Risk Management group in performing third party service provider due diligence.
Primary responsibilities include:
- Performs third party due diligence on service providers from an IT and IS perspective, ensuring that their controls are adequate to protect the Bank's data; capability to include providing recommendations and evaluating management response to ensure that remediation plans and tasks adequately address identified gaps
- Performs IT/IS risk assessments on Bank's applications and other assets
- Provides support to the IS/IT Application Risk Assessment Program by interfacing and facilitating assessment activities with Vendors
- Performs reviews and creates reports on third party assurance documents (e.g., SOC 1, SOC 2, etc.)
- Participates in controls testing to make sure controls are adequate; maintains Risk and Control Self-Assessment framework within the department
- Reviews security assessments of new and existing third party service providers and ensures they comply with regulatory and audit obligations, including review of controls (e.g., SSAE 18/SOC1/SOC2/Pen. Test/ISO27001) and third party attestation artifacts
- Contributes to and participates in on-site or remote vendor audits that may require InfoSec/Cyber expertise
Qualifications:
- 6 years of Risk Management experience in areas of application infrastructure, vendor risk management, and minimum 4 years' relevant work experience supporting IT/IS Risk vendor due diligence required
- Associate's degree (AA) or equivalent from two-year college or technical school required
- CISSP, CRISC, CISM, SANS or similar relevant certification preferred
- Strong communication, leadership, interpersonal and collaborative skills
- Experience with ISO 27001-2, NIST 800-53 or other controls framework and strong understanding of security certifications such as SOC1/SOC2, SSAE 16/18, ISO27000
Datrose is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, pregnancy, status as a parent, age, protected veteran status, family medical history or genetic information, political affiliation, status as a qualified individual with disability, or other non-merit based factors.