Security Risk Analyst Job Description Template
Our company is looking for a Security Risk Analyst to join our team.
Responsibilities:
- Identify initiatives with risk areas that need specialized security expertise;
- Provide guidance for new technologies and methodologies as business needs evolve;
- As part of the Corporate Information Security team, you will be assigned to a team to perform the following activities;
- Additional responsibilities as assigned;
- Collaborate with appropriate peers to understand business requirements and define secure requirements and/or solutions;
- Plan and execute Threat and Risk Assessments of enterprise IT systems and provide recommendations on how to mitigate risks;
- Work on SOC 2 requests and partner with vendor to complete SOC 2 requirements;
- Provide continual monitoring of our environment through the use of automated tools or manual processes to identify and address security incidents;
- Maintain and monitor the Information Security Risk Exception process;
- Support internal and external audits by gathering or coordinating the collection of any necessary evidence;
- Clearly document and define risks and potential impacts along with the probability of such an event and identify systems affected by the defined risk;
- Document and update elements of IT security governance (e.g. policies, procedures, standards);
- Perform policy compliance reviews of enterprise IT systems;
- Collect, monitor and analyze IT security metrics to measure the effectiveness of IT security management processes.