CyberSecurity Risk Analyst

Security Risk Analyst

A successful candidate will have a strong background in the following areas:

• Development and execution of cyber risk assessments for Honorlock applications, products, and services

• Risk identification through the performance of risk assessments and other measures

• Preparation of risk assessment findings and reports on remediation plan progress

• Due diligence as part of M&A initiatives.

Responsibilities include

• Administration of the cyber risk management program following the NIST or other equivalent cyber risk management framework and other security standards and related industry best practices

• Performance of enterprise cyber risk assessments to identify inherent and residual risks

• Analyze and document findings, recommend and report program gaps to leadership

• Administration of the security risk register and related remediation activities

• Administration of the risk management information system

• Collaboration with technology and business stakeholders to develop and document risk treatment plans in line with the enterprise risk appetite

• Report key metrics including the status of assessments, issue management, and risk management

• Develop and maintain documentation on processes, procedures in accordance with standards, regulations, and industry best practices

• Maintain an understanding of emerging trends in information security threats and risks

• Prepare and present risk assessment findings, guide remediation plans and report on progress

Minimum Qualifications

• Bachelor's or Master's degree in Business, Information Technology, Computer Science or

experience

• Must possess 2+ years' experience in compliance, information security, and/or information technology with a focus on security/risk.

• Understanding of cybersecurity risk management maturity practices and frameworks

• Proficiency in the application of NIST Cyber Security Framework (CFS), SOC 2, ISO 27001, and other best-practice standards.

• Understanding of a broad range of security technical concepts

• Excellent project management and organizational skills

• Excellent communication, interpersonal skills, and sound business judgment

Preferred Qualifications:

• Experience performing assessments of IT-related processes such as system and information

security, system development, and change management, computer operations, and data protection

• Experience working with internal and external cybersecurity audits, vulnerability and risk

assessments

• Experience in managing issues through risk analysis/treatment/mitigation processes