Security Risk Analyst Job Description

Security Risk Analyst Job Description Template

Our company is looking for a Security Risk Analyst to join our team.

Responsibilities:

  • Identify initiatives with risk areas that need specialized security expertise;
  • Provide guidance on new technologies and methodologies as business needs evolve;
  • Work as part of the Corporate Information Security team, assigned to a team that performs the activities listed below;
  • Take on additional responsibilities as assigned;
  • Collaborate with appropriate peers to understand business requirements and define security requirements and/or solutions;
  • Plan and execute Threat and Risk Assessments of enterprise IT systems and provide recommendations on how to mitigate risks;
  • Work on SOC 2 requests and partner with vendors to complete SOC 2 requirements;
  • Provide continual monitoring of our environment through automated tools or manual processes to identify and address security incidents;
  • Maintain and monitor the Information Security Risk Exception process;
  • Support internal and external audits by gathering or coordinating the collection of any necessary evidence;
  • Clearly document and define risks and their potential impacts, along with the probability of such an event, and identify the systems affected by each defined risk;
  • Document and update elements of IT security governance (e.g. policies, procedures, standards);
  • Perform policy compliance reviews of enterprise IT systems;
  • Collect, monitor and analyze IT security metrics to measure the effectiveness of IT security management processes.

Requirements:

  • Collect, monitor and analyze IT security metrics to measure the effectiveness of IT security management processes;
  • Support internal and external audits by gathering or coordinating the collection of any necessary evidence;
  • Perform policy compliance reviews of enterprise IT systems;
  • Document and update elements of IT security governance (e.g. policies, procedures, standards);
  • Clearly document and define risks and their potential impacts, along with the probability of such an event, and identify the systems affected by each defined risk;
  • Plan and execute Threat and Risk Assessments of enterprise IT systems and provide recommendations on how to mitigate risks;
  • Collaborate with appropriate peers to understand business requirements and define security requirements and/or solutions;
  • Work on SOC 2 requests and partner with vendors to complete SOC 2 requirements;
  • Provide continual monitoring of our environment through automated tools or manual processes to identify and address security incidents;
  • Maintain and monitor the Information Security Risk Exception process.